
Claymore CPU Miner (Fried my gfx card)


  • This topic is locked
7 replies to this topic

#1 Jayyyy


Posted 16 March 2016 - 02:34 AM

Hello,

 

So I fried my GFX card about 4 weeks ago and saved up for another. But since I've had it I've noticed some problems: computer running slow, low fps, load-in times are slow, etc. Also, my computer BEEPS 3 times before it starts up everything, and I need to unplug and replug the HDMI cable for the display to show.

 

I did a custom scan on my computer and discovered I had a "TROJ.COiNMIN.NC" on my computer. Trend found the threat and tried to remove it but requested my computer to be reset. So I attempted to reset my computer and it doesn't complete the process. It continues to tell me to try and reset to finish removal of the threat.

 

So I went digging in my computer to try and locate the file Trend was telling me was malicious. In my C:Windows/Temp folder I came across a bunch of .exe and .txt files. So I opened a txt file and discovered this.

 

~

 

18:08:09:127 141c
18:08:09:127 141c ╔════════════════════════════════════════════════════════════════╗
18:08:09:127 141c ║            Claymore CryptoNote CPU Miner  v3.3 Beta            ║
18:08:09:127 141c ╚════════════════════════════════════════════════════════════════╝
18:08:09:330 141c 64-bit version
18:08:09:330 141c CPU supports AES-NI - faster mining!
18:08:09:330 141c Logical CPU cores: 4
18:08:09:330 141c Number of threads: Autoselection...
18:08:09:330 141c Using 3 threads
18:08:09:330 141c scfg: 1
18:08:09:330 141c 1 pool specified.
18:08:10:252 1448 Stratum - connecting to 'pool.monerocrypt.com' <46.165.232.77> port 1001
18:08:10:252 1444 Stratum - connecting to 'pool.monerocrypt.com' <46.165.232.77> port 1001
18:08:10:564 1444 Stratum - Connected
18:08:10:564 1448 Stratum - Connected
18:08:10:908 1444 got 303 bytes
18:08:10:908 1448 got 303 bytes
18:08:10:908 1444 parse packet: 303
18:08:10:908 1448 buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"228863809769973","job":{"blob":"01008b8da4b7056585d24cf68143576605dafd4068224b43b84169707d65470d39ffb19afde084000000008986089734e6a8d71396e113d66ab3be42044857c656f97a474a12a1f69b363001","job_id":"416998850973323","target":"711b0d00"},"status":"OK"}}
 
18:08:10:908 1444 new buf size: 0
18:08:10:908 1448 parse packet: 303
18:08:10:908 1448 new buf size: 0
18:08:10:908 1444 Pool Diff 5000
18:08:10:908 1444 df has same pool, skip
18:08:10:908 1448 DevFee: Pool Diff 5000
18:08:19:080 1438 round found 1 shares
18:08:19:096 1444 03/16/16-18:08:19 - SHARE FOUND (target 5000) - (THR 0 of 3)
18:08:19:487 1444 got 63 bytes
18:08:19:487 1444 buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}
 
18:08:19:487 1444 parse packet: 63
18:08:19:487 1444 Share accepted
18:08:19:487 1444 new buf size: 0
18:08:21:002 1444 got 253 bytes
18:08:21:002 1444 buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"01008c8da4b7056585d24cf68143576605dafd4068224b43b84169707d65470d39ffb19afde08400000000b4fa7124b85034616c993b8b210a8b1810949dcb7de2d47545ca51416f3b99c201","job_id":"149856185354292","target":"b88d0600"}}
 
18:08:21:002 1444 parse packet: 253
18:08:21:002 1444 new buf size: 0
18:08:21:002 1444 df has same pool, skip
18:08:21:002 1444 03/16/16-18:08:21 - New job received from pool.monerocrypt.com:1001
18:08:21:002 1444 Speed: 183 h/s, TotalHashes: 2K, DevHashes: 0K Mining time:
18:08:21:002 1444 00:00
 
 
 
~
 
Now I assume this is a horrible thing to have on my computer, and is the sole reason it is running slow + fried my GFX card. My question is: can I handle this threat myself with help from someone here, or do I need to take it to a computer technician?
 
Thank you for your time and help if you reply.




#2 Jayyyy


Posted 16 March 2016 - 05:11 AM

I saw some other threads about this, and decided to jump the gun and get the logs from Adware and FRST.

Here is the adware one:

 

# AdwCleaner v5.102 - Logfile created 16/03/2016 at 21:00:32
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Dane - DANESPEEDY
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\Users\Dane\AppData\Roaming\ParetoLogic
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : LaunchSignup
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [904 bytes] - [16/03/2016 21:00:32]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1057 bytes] - [16/03/2016 20:59:19]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1089 bytes] ##########


#3 Jayyyy


Posted 16 March 2016 - 05:14 AM

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Dane (administrator) on DANESPEEDY (16-03-2016 21:12:25)
Running from D:\Downloads
Loaded Profiles: Dane (Available Profiles: Dane & DefaultAppPool)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Hi-Rez Studios) D:\Downloads\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Dane\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266688 2015-05-04] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-21] (Trend Micro Inc.)
HKLM-x32\...\Run: [Rapoo V20] => C:\Program Files (x86)\Rapoo\V20\Start.exe [802304 2014-03-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22035560 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Dane\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\MountPoints2: {45405463-46b6-11e4-824c-806e6f6e6963} - "E:\Install.exe" 
Startup: C:\Users\Dane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-12] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2C3CF0D0-2DB6-4A2A-891B-0D0737B9DE12}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{55AE7271-8A7B-4580-868C-711326DDDE58}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-974056010-686471929-124933443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-974056010-686471929-124933443-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-21] (Trend Micro Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Dane\AppData\Roaming\Mozilla\Firefox\Profiles\yvy4c3cz.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-09-29] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-974056010-686471929-124933443-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Dane\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-25] (Citrix Online)
FF Extension: Greasemonkey - C:\Users\Dane\AppData\Roaming\Mozilla\Firefox\Profiles\yvy4c3cz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-30]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-03-10]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-08-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-03-10]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR Profile: C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Steam inventory helper) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-15]
CHR Extension: (Google Search) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-20]
CHR Extension: (Gmail) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-07-11] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 HiPatchService; D:\Downloads\HiPatchService.exe [9728 2016-02-03] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Sims\Origin\OriginClientService.exe [2104840 2016-01-09] (Electronic Arts)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187328 2015-05-04] (Trend Micro Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-26] ()
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-16] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-03-16] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-16] ()
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-30] (Trend Micro Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2016-02-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rpvm100d; C:\Windows\system32\drivers\rpvm100d.sys [30976 2014-03-10] (RAPOO)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2013-03-05] (Realtek Semiconductor Corporation                           )
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [130872 2015-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [315704 2015-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-10] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-10] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [101688 2015-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-10] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XENfiltv; C:\Windows\system32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S1 ESEADriver2; \??\C:\Users\Dane\AppData\Local\Temp\ESEADriver2.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 21:12 - 2016-03-16 21:12 - 00000000 ____D C:\FRST
2016-03-16 20:58 - 2016-03-16 21:00 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-16 19:42 - 2016-03-16 21:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-16 19:42 - 2016-03-16 19:42 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-16 19:42 - 2016-03-16 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-16 19:42 - 2016-03-16 19:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-16 19:42 - 2016-03-16 19:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-16 19:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-16 19:42 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-16 19:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-16 19:38 - 2016-03-16 19:38 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-16 19:38 - 2016-03-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-16 18:46 - 2016-03-16 18:46 - 00003326 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-03-16 18:46 - 2016-03-16 18:46 - 00000000 ____D C:\Users\Dane\AppData\Roaming\Enigma Software Group
2016-03-16 18:46 - 2016-03-16 18:46 - 00000000 ____D C:\sh4ldr
2016-03-16 18:46 - 2016-03-16 18:46 - 00000000 _____ C:\autoexec.bat
2016-03-16 18:45 - 2016-03-16 18:45 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-16 18:45 - 2016-03-16 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-12 17:42 - 2016-03-08 17:15 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-12 17:41 - 2016-03-12 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-12 17:41 - 2016-03-12 17:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-12 17:41 - 2016-03-08 21:07 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 22932928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 21313024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 20854680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 18879544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 17725040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 17318184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 17246680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 16439328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 12564024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-12 17:41 - 2016-03-08 21:07 - 10546944 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 08658120 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 03233336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 02808768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00956984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00886840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00749504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00693816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00502080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00473056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00423080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00391632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-12 17:41 - 2016-03-08 21:07 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-12 17:41 - 2016-03-08 21:07 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-12 17:41 - 2016-02-14 12:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-12 17:41 - 2016-02-14 12:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-12 17:41 - 2016-02-14 12:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-12 17:41 - 2016-02-14 12:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-10 21:56 - 2016-02-21 02:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-10 21:56 - 2016-02-21 02:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-10 21:56 - 2016-02-21 02:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-10 21:56 - 2016-02-21 02:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-10 21:56 - 2016-02-21 02:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-10 21:56 - 2016-02-21 02:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-10 21:56 - 2016-02-09 08:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-10 21:56 - 2016-02-09 07:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-10 21:56 - 2016-02-09 07:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-10 21:56 - 2016-02-09 07:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-10 21:56 - 2016-02-09 07:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-10 21:56 - 2016-02-09 07:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-10 21:56 - 2016-02-09 07:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-10 21:56 - 2016-02-09 07:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-10 21:56 - 2016-02-09 07:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-10 21:56 - 2016-02-09 07:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-10 21:56 - 2016-02-09 06:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-10 21:56 - 2016-02-09 06:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-10 21:56 - 2016-02-09 06:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-10 21:56 - 2016-02-09 05:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-10 21:56 - 2016-02-09 05:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-10 21:56 - 2016-02-09 05:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-10 21:56 - 2016-02-09 04:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-10 21:56 - 2016-02-09 04:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-10 21:56 - 2016-02-09 04:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-10 21:56 - 2016-02-09 04:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-10 21:56 - 2016-02-06 06:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-10 21:56 - 2016-01-07 05:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-10 21:56 - 2015-12-31 08:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-10 21:55 - 2016-02-09 07:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-10 21:55 - 2016-02-09 07:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-10 21:55 - 2016-02-09 05:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-10 21:55 - 2016-02-09 05:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-10 21:55 - 2016-02-09 04:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-10 21:55 - 2016-02-09 04:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-10 21:55 - 2016-02-09 04:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-10 21:55 - 2016-02-09 04:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-10 21:55 - 2016-02-09 04:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-10 21:55 - 2016-02-09 03:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-10 21:54 - 2016-02-13 06:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-10 21:54 - 2016-02-13 02:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-10 21:54 - 2016-02-13 01:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-10 21:54 - 2016-02-13 01:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-10 21:54 - 2016-02-13 01:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-10 21:54 - 2016-02-13 01:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-10 21:54 - 2016-02-13 01:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-10 21:54 - 2016-02-13 01:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-10 21:54 - 2016-02-13 01:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-10 21:54 - 2016-02-13 01:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-10 21:54 - 2016-02-13 01:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-10 21:54 - 2016-02-13 01:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-10 21:54 - 2016-02-12 01:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-10 21:54 - 2016-02-12 01:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-10 21:54 - 2016-02-12 01:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-10 21:54 - 2016-02-12 01:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-10 21:54 - 2016-02-07 05:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-10 21:54 - 2016-02-07 03:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-10 21:54 - 2016-02-07 03:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-10 21:54 - 2016-02-06 06:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-10 21:54 - 2016-02-06 06:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-10 21:54 - 2016-02-06 02:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-10 21:54 - 2016-02-06 02:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-10 21:54 - 2016-02-06 01:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 21:54 - 2016-02-06 01:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 21:54 - 2016-02-06 01:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-10 21:54 - 2016-02-06 01:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-10 21:54 - 2016-02-05 05:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-10 21:54 - 2016-02-05 05:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-10 21:54 - 2016-02-05 05:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-10 21:54 - 2016-02-05 04:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-10 21:54 - 2016-02-05 04:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-10 21:54 - 2016-02-05 04:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-10 21:54 - 2016-02-05 04:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-10 21:54 - 2016-02-04 07:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-10 21:54 - 2016-02-04 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-10 21:54 - 2016-02-04 02:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-10 21:54 - 2016-02-04 02:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-10 21:54 - 2016-02-04 02:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-10 21:54 - 2016-02-01 06:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-10 21:54 - 2016-01-25 05:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-10 21:54 - 2016-01-25 05:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-10 21:54 - 2016-01-25 05:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-10 21:54 - 2016-01-24 22:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-10 21:54 - 2016-01-24 22:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-10 21:54 - 2016-01-16 03:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-10 21:54 - 2016-01-16 03:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-10 21:54 - 2016-01-11 03:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-10 21:54 - 2016-01-11 03:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-10 21:54 - 2016-01-09 12:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-10 21:54 - 2016-01-09 12:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-10 21:54 - 2016-01-09 12:38 - 00091992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-10 21:54 - 2016-01-07 10:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-10 21:54 - 2016-01-07 10:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-10 21:54 - 2016-01-07 03:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-10 21:54 - 2016-01-06 02:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-10 21:54 - 2015-12-31 07:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-10 21:54 - 2015-12-21 01:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-10 21:54 - 2015-12-21 01:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-10 21:54 - 2015-12-21 01:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-10 21:54 - 2015-11-20 01:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-10 21:54 - 2015-11-20 01:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-10 21:38 - 2016-03-10 21:38 - 00000000 ____D C:\Users\Dane\AppData\Roaming\TeamViewer
2016-03-10 18:21 - 2016-03-10 18:22 - 00003540 _____ C:\WINDOWS\System32\Tasks\Trend Micro Inspect of Platinum
2016-02-23 06:27 - 2016-02-23 06:27 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\Trufos.sys
2016-02-22 18:26 - 2016-03-16 19:10 - 00061653 _____ C:\WINDOWS\temp023423.vbe
2016-02-21 17:02 - 2016-02-27 01:28 - 00000000 ____D C:\Users\Dane\Desktop\BoL+Studio
2016-02-20 19:04 - 2016-02-27 20:19 - 00000000 ____D C:\Users\Dane\AppData\Roaming\BoL
2016-02-20 19:02 - 2016-02-20 19:02 - 00000000 ____D C:\Scripts
2016-02-20 17:55 - 2016-02-21 15:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-18 19:28 - 2016-02-18 19:27 - 02132480 _____ C:\Users\Dane\Desktop\BoL Studio.exe
2016-02-18 17:40 - 2016-02-09 19:39 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
2016-02-18 17:40 - 2016-02-09 19:39 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll
2016-02-18 17:40 - 2016-02-09 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2016-02-18 17:40 - 2016-02-09 19:39 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2016-02-18 16:40 - 2016-01-11 06:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-18 16:40 - 2016-01-11 05:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-18 16:40 - 2016-01-11 05:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-18 16:40 - 2016-01-11 05:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-18 16:40 - 2016-01-11 04:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-18 16:40 - 2016-01-11 04:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-18 16:40 - 2016-01-11 04:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-18 16:40 - 2016-01-11 04:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-18 16:40 - 2016-01-11 04:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-18 16:40 - 2016-01-11 04:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-18 16:40 - 2016-01-11 04:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-18 16:40 - 2016-01-11 04:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-18 16:40 - 2016-01-11 03:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-18 16:40 - 2016-01-11 03:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-18 16:40 - 2016-01-11 03:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-18 16:40 - 2016-01-11 03:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-18 16:40 - 2016-01-11 03:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-18 16:39 - 2016-01-22 19:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-18 16:39 - 2016-01-22 18:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-18 16:39 - 2016-01-22 16:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-18 16:39 - 2016-01-22 16:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-18 16:39 - 2016-01-22 16:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-18 16:39 - 2016-01-22 15:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-18 16:39 - 2016-01-20 06:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-18 16:39 - 2016-01-20 06:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-18 16:39 - 2016-01-20 06:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-18 16:39 - 2016-01-20 06:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-18 16:39 - 2016-01-20 06:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-18 16:39 - 2016-01-20 05:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-18 16:39 - 2016-01-20 05:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-18 16:39 - 2016-01-20 05:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-18 16:39 - 2016-01-20 05:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-18 16:39 - 2016-01-20 04:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-18 16:39 - 2016-01-20 03:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-18 16:39 - 2016-01-07 05:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-18 16:38 - 2015-12-29 08:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-18 16:38 - 2015-12-29 07:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-18 16:37 - 2015-12-18 05:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-18 16:37 - 2015-12-18 03:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-18 16:14 - 2016-02-18 16:14 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 21:11 - 2014-09-28 14:40 - 00000000 ____D C:\Users\Dane\AppData\Roaming\Skype
2016-03-16 21:10 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-16 21:08 - 2014-09-28 14:06 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 21:07 - 2014-09-28 14:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-16 21:07 - 2013-08-23 01:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-16 20:53 - 2015-08-25 09:40 - 00000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-974056010-686471929-124933443-1001.job
2016-03-16 20:16 - 2015-08-25 09:40 - 00000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-974056010-686471929-124933443-1001.job
2016-03-16 20:14 - 2014-09-28 14:00 - 00339448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-16 20:14 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-16 19:49 - 2014-09-28 14:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-974056010-686471929-124933443-1001
2016-03-16 19:42 - 2015-05-22 18:59 - 00249856 ___SH C:\Users\Dane\Desktop\Thumbs.db
2016-03-16 19:38 - 2016-01-31 12:24 - 00000000 ____D C:\Users\Dane\AppData\Local\CrashDumps
2016-03-16 19:30 - 2014-09-28 11:51 - 00000000 ___HD C:\Users\Dane\AppData\Roaming\Origin
2016-03-16 19:29 - 2014-09-28 11:38 - 00000000 ___HD C:\ProgramData\Origin
2016-03-16 19:11 - 2015-01-16 21:09 - 00025088 _____ (Trend Micro Inc.) C:\WINDOWS\DCEBoot64.exe
2016-03-16 18:46 - 2014-09-28 13:24 - 00000000 ____D C:\Users\Dane
2016-03-16 18:14 - 2015-07-12 05:01 - 00000000 ____D C:\Users\Dane\AppData\Local\Deployment
2016-03-15 19:12 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-15 18:34 - 2014-09-28 14:06 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 18:34 - 2014-09-28 14:06 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 18:29 - 2014-09-28 14:05 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7133538-DC70-4DCF-929F-B14174A4A3EE}
2016-03-13 20:50 - 2015-08-25 09:40 - 00003676 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-974056010-686471929-124933443-1001
2016-03-13 20:50 - 2015-08-25 09:40 - 00003580 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-974056010-686471929-124933443-1001
2016-03-13 20:12 - 2013-08-23 01:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-13 00:49 - 2014-12-13 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-13 00:49 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-03-13 00:49 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-03-12 17:42 - 2014-09-28 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-12 17:42 - 2014-09-28 14:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-12 17:35 - 2013-08-23 02:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 17:35 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-12 17:35 - 2013-08-23 02:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-12 17:30 - 2015-07-12 21:34 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-12 17:28 - 2014-09-29 17:03 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-12 17:28 - 2014-09-29 17:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 21:44 - 2015-09-20 18:48 - 00000000 ____D C:\Users\Dane\AppData\Roaming\TS3Client
2016-03-10 21:39 - 2015-10-22 21:44 - 00000000 ____D C:\Users\Dane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2016-03-10 21:38 - 2016-01-05 22:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-10 21:36 - 2015-10-22 21:44 - 00000000 ____D C:\Users\Dane\AppData\Local\NexonLauncher
2016-03-10 21:35 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-10 19:24 - 2014-09-27 22:05 - 00000010 _____ C:\Users\Dane\AppData\Local\sponge.last.runtime.cache
2016-03-10 18:32 - 2014-09-29 22:04 - 00399360 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2016-03-10 18:17 - 2015-12-09 12:19 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-10 18:17 - 2015-12-09 12:19 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-10 18:17 - 2015-12-09 12:19 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-03-08 21:07 - 2014-09-28 14:28 - 18990976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 21:07 - 2014-09-28 14:28 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 21:07 - 2014-09-28 14:28 - 03711024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 21:07 - 2014-09-28 14:28 - 03283896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 21:07 - 2014-09-28 14:28 - 00036743 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 18:00 - 2013-08-23 02:38 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 18:00 - 2013-08-23 02:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 17:27 - 2016-01-28 19:07 - 00532536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 17:27 - 2016-01-28 19:07 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-08 17:27 - 2014-10-25 21:56 - 02561472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 17:27 - 2014-09-28 14:28 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 17:27 - 2014-09-28 14:28 - 02994232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 17:27 - 2014-09-28 14:28 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 17:27 - 2014-09-28 14:28 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 17:27 - 2014-09-28 14:28 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-07 15:23 - 2014-09-28 14:28 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-26 23:06 - 2015-04-05 21:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-02-26 23:06 - 2015-04-05 21:36 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-21 15:42 - 2015-03-02 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-21 01:17 - 2013-08-23 02:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-20 16:27 - 2013-08-23 07:59 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-20 16:15 - 2014-09-28 14:29 - 00000000 ____D C:\Users\Dane\AppData\Local\NVIDIA Corporation
2016-02-20 16:15 - 2014-09-28 14:29 - 00000000 ____D C:\Users\Dane\AppData\Local\NVIDIA
2016-02-18 16:40 - 2014-09-28 14:06 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-18 16:40 - 2014-09-28 14:06 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-18 16:40 - 2014-09-28 14:06 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 16:37 - 2015-11-12 22:09 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-18 16:37 - 2015-11-12 22:09 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-18 16:21 - 2016-01-05 09:14 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.TXT
2016-02-18 16:21 - 2015-11-15 16:51 - 00000707 _____ C:\Users\Public\Desktop\Smite.lnk
2016-02-18 16:21 - 2015-11-15 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-02-17 17:40 - 2016-01-28 18:53 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-17 17:40 - 2014-09-28 14:29 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-02-17 17:40 - 2014-09-28 14:29 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-02-17 17:40 - 2014-09-28 14:29 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-02-17 17:40 - 2014-09-28 14:29 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
 
==================== Files in the root of some directories =======
 
2016-03-16 18:52 - 2016-03-16 19:06 - 0000115 _____ () C:\Users\Dane\AppData\Roaming\LogFile.txt
2014-09-28 15:02 - 2014-09-28 15:02 - 0000036 _____ () C:\Users\Dane\AppData\Local\housecall.guid.cache
2014-09-29 21:27 - 2014-09-29 21:27 - 0007597 _____ () C:\Users\Dane\AppData\Local\Resmon.ResmonCfg
2014-09-27 22:05 - 2016-03-10 19:24 - 0000010 _____ () C:\Users\Dane\AppData\Local\sponge.last.runtime.cache
2014-09-28 14:32 - 2014-09-28 14:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-14 11:35 - 2016-01-14 11:35 - 0001165 _____ () C:\ProgramData\HirezPipeError.txt
 
Files to move or delete:
====================
C:\Users\Dane\alotic_preferences.dat
C:\Users\Dane\alotic_preferences2.dat
C:\Users\Dane\ent_ikov_preferences.dat
C:\Users\Dane\system32log.dat
C:\Users\Dane\YOUR CLIENT NAME HERE_runescape_preferences.dat
C:\Users\Dane\YOUR CLIENT NAME HERE_runescape_preferences2.dat
 
 
Some files in TEMP:
====================
C:\Users\Dane\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Dane\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Dane\AppData\Local\Temp\nvStInst.exe
C:\Users\Dane\AppData\Local\Temp\sqlite3.dll
C:\Users\Dane\AppData\Local\Temp\_is35D2.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-10 21:48
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Dane (2016-03-16 21:12:41)
Running from D:\Downloads
Windows 8.1 (X64) (2014-09-28 02:24:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-974056010-686471929-124933443-500 - Administrator - Disabled)
Dane (S-1-5-21-974056010-686471929-124933443-1001 - Administrator - Enabled) => C:\Users\Dane
Guest (S-1-5-21-974056010-686471929-124933443-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-974056010-686471929-124933443-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.1.0 - ASUS)
Bastion (HKLM-x32\...\Bastion_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Darksiders II (HKLM-x32\...\{80E34226-8D94-482F-B4BC-36F39CBFD267}_is1) (Version:  - )
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Realm (HKLM-x32\...\Steam App 352460) (Version:  - Section Studios)
Dekaron (HKLM-x32\...\GlobalDK) (Version: 1.00.0000 - GameHI)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
ESEA Client (HKU\S-1-5-21-974056010-686471929-124933443-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-974056010-686471929-124933443-1001\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MotoGP™14 (HKLM-x32\...\Steam App 256390) (Version:  - Milestone S.r.l.)
Movavi Video Converter 15 (HKLM-x32\...\Movavi Video Converter 15) (Version: 15.1.0 - Movavi)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 364.51 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.6 (HKLM-x32\...\{05BFC9A4-24B2-4E96-A450-A3D926A64C20}) (Version: 1.2.6 - Jagex Ltd)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PkHonor (HKLM-x32\...\PkHonor_0) (Version:  - PkHonor)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
Rapoo V20 Gaming Mouse Driver (HKLM-x32\...\{BDDF92F5-5C12-41A9-844C-B2E1C1CC063A}_is1) (Version:  - Rapoo Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
rFactor2 (HKLM-x32\...\rFactor2) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Setup - FIFA 14 Ultimate Edition ... (HKLM-x32\...\Setup - FIFA 14 Ultimate Edition ...) (Version: ... - Electronic Arts)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.2.3247.1 - Hi-Rez Studios)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-974056010-686471929-124933443-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-974056010-686471929-124933443-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dane\AppData\Local\Citrix\GoToMeeting\3215\G2MOutlookAddin64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B17E787-4DF5-487B-9E6C-32ED981E7AFA} - System32\Tasks\{6A72D8F6-A0EA-4863-ACCC-7BAA0FBBEC9B} => pcalua.exe -a C:\Users\Dane\Desktop\linuxpb\pb\pbsetup.exe -d C:\Users\Dane\Desktop\linuxpb\pb
Task: {122A341B-F0E1-4F16-AF70-68B0FFB9EB8B} - System32\Tasks\Origin => C:\Users\Dane\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {18F3127B-C8B0-4429-BD72-DFF4862BF30C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd)
Task: {2C625FE4-6770-423B-A933-FB5EDE0F4E6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-12] (Microsoft Corporation)
Task: {48EBD075-0027-4BA4-97C6-64C0F27D2037} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-12] (Microsoft Corporation)
Task: {567FDCDA-4779-4946-B968-10C9E7532EEF} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-05-04] (Trend Micro Inc.)
Task: {5E42642C-E12E-417F-A471-B4CDE12F1B0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A4DC140-C6CD-4CAA-AE20-F6ED8729C057} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9828E156-DA34-46D7-A031-C3B5EFD2D0AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-974056010-686471929-124933443-1001 => C:\Users\Dane\AppData\Local\Citrix\GoToMeeting\4628\g2mupdate.exe [2016-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B90A1C9E-5D0E-4CB9-BF24-D1E77E87DBCD} - System32\Tasks\{84F703DB-2EA1-42C4-9A9F-AD6A023D7011} => pcalua.exe -a D:\Downloads\appdata\Setup.exe -d D:\Downloads\appdata
Task: {D741231D-45CF-42E4-AA44-958BFD98C301} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-03-16] (Enigma Software Group USA, LLC.)
Task: {E5B1ACFF-1DAD-4A65-87D3-B5D42EE26C4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E9EC1678-9A9B-4AC0-BA6F-E8DF2E14AF5F} - System32\Tasks\G2MUploadTask-S-1-5-21-974056010-686471929-124933443-1001 => C:\Users\Dane\AppData\Local\Citrix\GoToMeeting\4628\g2mupload.exe [2016-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-974056010-686471929-124933443-1001.job => C:\Users\Dane\AppData\Local\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-974056010-686471929-124933443-1001.job => C:\Users\Dane\AppData\Local\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Public\Desktop\Play PkHonor.bat.lnk -> C:\Users\Dane\Documents\My Games\PkHonor\Play PkHonor.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-09-28 14:28 - 2016-03-08 17:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-28 15:03 - 2014-07-10 03:03 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-09-28 15:03 - 2014-07-10 03:02 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-09-28 15:03 - 2014-07-10 03:03 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-09-28 15:03 - 2014-07-10 03:03 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-09-28 15:03 - 2014-07-10 03:02 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-09-28 15:02 - 2014-07-21 06:04 - 00168584 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-28 14:31 - 2013-07-04 04:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-03-10 18:26 - 2015-05-04 17:23 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2016-03-10 18:26 - 2015-05-04 17:23 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2016-03-10 18:26 - 2015-05-04 17:23 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2016-03-10 18:26 - 2015-05-04 17:23 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2014-09-28 15:02 - 2014-07-21 06:05 - 00065560 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2016-02-20 16:15 - 2016-02-17 17:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-28 18:53 - 2016-02-17 17:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-20 16:15 - 2016-02-17 17:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2014-10-12 01:09 - 2014-10-26 16:24 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-09-28 14:31 - 2016-03-16 21:07 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-09-28 14:31 - 2013-07-04 04:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-07-17 00:00 - 2016-02-17 18:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-15 18:34 - 2016-03-08 13:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 18:34 - 2016-03-08 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2014-09-28 15:02 - 2014-07-21 06:05 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll
2014-09-28 15:02 - 2014-07-21 06:05 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2016-03-10 19:17 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\Dane\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-974056010-686471929-124933443-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-974056010-686471929-124933443-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-974056010-686471929-124933443-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-974056010-686471929-124933443-1001\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-974056010-686471929-124933443-1001\Control Panel\Desktop\\Wallpaper -> D:\Photos\Wallpaper 2.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-974056010-686471929-124933443-1001\...\StartupApproved\Run: => "MurGee.com Auto Clicker"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D25CCF30-88CD-4865-8DF2-551D3B1D45D6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC8CAA23-5193-48AA-9287-D8FDE1DA5BB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{74F196A6-1D90-44EB-AC0F-D937D2199B47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6807D25-93CE-42B8-AB4D-75B911ED62CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E853F12-8742-49BE-8B2B-7AC47087D559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A93D52CD-E71C-4E44-AB19-BB9EA56F2124}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{95243E90-9822-4627-A576-D2DC064530FC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0A77624F-D892-4C1E-86FE-AF44F336BE1C}] => (Allow) D:\Downloads\Steam\Steam.exe
FirewallRules: [{B8303B64-761B-442F-9426-E1A1E19A4EF8}] => (Allow) D:\Downloads\Steam\Steam.exe
FirewallRules: [{2B093E5B-3E42-431E-A4D5-D517E16D85CE}] => (Allow) D:\Downloads\Steam\bin\steamwebhelper.exe
FirewallRules: [{AC21F02A-740A-4D55-8093-B702E6712816}] => (Allow) D:\Downloads\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{2706A12E-0557-454E-B8E6-BAEFACC4D1E7}C:\users\dane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dane\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{61CA2AD8-EB6C-46CF-94DA-3E66CB45D724}C:\users\dane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dane\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7C60D586-5305-45F0-9136-02BB100CC935}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{3758500B-A438-491C-9F48-542DDD0AF41F}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{3D65DCC0-6D09-496A-9C27-284541AF3F05}] => (Allow) D:\Downloads\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{88FF9199-1A5C-48DE-B09F-D82695884785}] => (Allow) D:\Downloads\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{90D77DCF-BEE5-44F1-B1D3-0CC0B1D7ABAD}] => (Allow) D:\Downloads\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{BAE19AB0-7771-42E8-B680-92FFA74A31BA}] => (Allow) D:\Downloads\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{43DD877B-2342-4846-8BE1-7BB4D5ACA3D4}C:\users\dane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dane\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C02814B9-9E1A-4C10-8DD4-1C4FE5E75B7E}C:\users\dane\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dane\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C02C5487-3301-4217-BF16-2BB8C0079FBE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{76D0ADD0-A84F-420D-A23F-8C51733FF37E}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{58378FAF-0277-47F9-945E-A6D441963572}] => (Allow) D:\Downloads\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{71886813-D763-4239-9870-DB9070C5B31C}] => (Allow) D:\Downloads\Steam\SteamApps\common\The War Z\WarZlauncher.exe
FirewallRules: [{88030C90-7C39-46F4-9F5E-6303E88635AD}] => (Allow) D:\Downloads\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{4845D827-E946-4AD8-9B71-C9E1FDC907CF}] => (Allow) D:\Downloads\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{6BC7850F-7634-4E0E-9976-9F7CF892071E}] => (Allow) D:\Sims\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0C2629CE-63F5-4F96-9847-A8CEA3D70C0F}] => (Allow) D:\Sims\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{034F48BB-561C-45DD-B3EE-2EDC9B6106A5}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{973FF306-B18A-4831-AB86-E0621E2183D6}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [TCP Query User{33095956-64C8-4A34-ADEF-84F7124BD943}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{33CF1118-A4A7-4D2B-BC38-5D1E4BCC84D9}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{3A4F8C8C-FAA9-4FC0-8922-163A8FBD9F55}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ED6C21EF-95DD-4D1F-978A-C672621732C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4C8FF46E-BD02-49CE-820E-5BB2C323D11A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EBED3E69-5A76-42C9-BA8C-4A1A67E74DBE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{4945504F-AF54-497E-A45C-3824CD838975}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{7051E27F-5A53-42CC-B016-55EBBB0AB3D4}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{1AC6C7A8-565F-4393-9548-A97EA818A5A3}] => (Allow) D:\Downloads\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{195889FB-3EA3-4BBA-8E48-5ECB4B2EC054}] => (Allow) D:\Downloads\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{56A59305-42E4-4A0E-9C8C-9CA1F0CD1DD1}] => (Allow) D:\Downloads\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{86CE31A3-448C-4265-807E-0A558C1787C4}] => (Allow) D:\Downloads\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [TCP Query User{F0D33E8B-3E0F-4760-94AC-6E940025EF69}D:\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{9B6DAA15-F9E2-4F41-974C-75F592FE2E3E}D:\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\downloads\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{615D5EF4-31A0-4199-BF53-E15E5E14299B}D:\call of duty 4\cod4mw\setup\data\iw3mp.exe] => (Block) D:\call of duty 4\cod4mw\setup\data\iw3mp.exe
FirewallRules: [UDP Query User{5E828518-1BAA-4DAA-8918-EC80946FDF64}D:\call of duty 4\cod4mw\setup\data\iw3mp.exe] => (Block) D:\call of duty 4\cod4mw\setup\data\iw3mp.exe
FirewallRules: [{A2AA7D20-FFD8-43C7-8A36-90773965074F}] => (Allow) D:\Sims\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{CF23D78F-6491-4A5C-92A6-747CC0FF113F}] => (Allow) D:\Sims\Need for Speed™ Rivals\NFS14_x86.exe
FirewallRules: [{51C5CEFE-0C42-48E3-A33C-BDD30AFE22D5}] => (Allow) D:\Sims\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [{41DAE2CC-3F58-4652-96A5-9C3493765418}] => (Allow) D:\Sims\Need for Speed™ Rivals\NFS14.exe
FirewallRules: [TCP Query User{37E55FF8-EE84-4F22-968C-9E01B7FD9BF2}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{DA05D5DC-2109-4B63-97D2-27C1B8EAA09E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{FA6D3055-90DC-44A5-BD41-47BCF9589230}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{DB39DBE5-4BE7-41BA-8B67-323FD39893FA}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{FE3D797B-D70E-408F-BC3A-A5530AED531A}] => (Allow) D:\Downloads\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{6BFA6E41-D9DD-4EED-988D-FEDDFC9CC783}] => (Allow) D:\Downloads\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{4817B501-88A1-4C30-AE8D-96756E9EFB40}] => (Allow) D:\Downloads\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{B87A999A-9893-4914-ADE6-FC3DE355A418}] => (Allow) D:\Downloads\Steam\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{849B0B4C-5898-4B67-B040-106568EB8ECA}] => (Allow) D:\Downloads\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{37CB854B-C024-40C6-AC85-EE4C96C0C4BD}] => (Allow) D:\Downloads\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5C12DB02-A6A9-4FF7-8FF4-92BE5CEFBEAD}] => (Allow) D:\Downloads\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{3EAB1BEE-E9DE-4653-9AB0-17797FD817BE}] => (Allow) D:\Downloads\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6B2061C5-1704-4150-BE46-E40C3EE9918F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9766ED9-6AB8-4AF4-B1A0-5525DBD08CFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{47315B5A-2696-404B-83B8-3A4C82E1B4A3}] => (Allow) D:\Downloads\Steam\SteamApps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{130011DB-AD14-4D21-9710-8EB309C100E9}] => (Allow) D:\Downloads\Steam\SteamApps\common\DB Xenoverse\DBXV.exe
FirewallRules: [{8D2C6FFF-D784-417B-B229-F72CCA17F3C2}] => (Allow) D:\iTunes\iTunes.exe
FirewallRules: [TCP Query User{502F9B70-61E7-42DD-AA48-C96904966C3B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8C73ECE-4BD7-4B07-9FE1-948CCE23F59B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0E9738B9-5514-4B9C-B6A0-CC291E86E815}] => (Allow) D:\Downloads\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{7E2F2E6D-8C6E-4D08-ACCF-610CC73FAF8C}] => (Allow) D:\Downloads\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{9EAE3D8B-B92A-4FC8-BDC5-53C654312982}] => (Allow) D:\Downloads\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{0D7BC733-0AC9-48E2-804C-535252AA1C74}] => (Allow) D:\Downloads\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{2D427368-39DC-41F1-838B-86330ED7DDA0}] => (Allow) D:\Downloads\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{ECD9F09F-8319-4F27-BD69-7BB79473AD5A}] => (Allow) D:\Downloads\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{D67AD413-EF86-467F-AB70-76D5410F8D02}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{88D9CCAF-1754-410A-B8E9-7BFA16CD362F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0033664-B03C-4A2F-B9C9-BC2B591933A9}] => (Allow) D:\Downloads\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{544ADEA1-E099-48C8-99E7-B6B7741CDF03}] => (Allow) D:\Downloads\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{C86E1CC9-B258-44AF-8A84-3382279485C8}] => (Allow) D:\Downloads\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{AA8CD918-2A38-44F0-853A-4BC726E98932}] => (Allow) D:\Downloads\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{2F7011CF-C0A8-42B8-ACD5-6F4CDE95D900}D:\downloads\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\downloads\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{02C8CAC0-D2A4-4B7A-8C62-C077B30C5296}D:\downloads\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\downloads\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{3C563C13-ECD6-4923-8AB6-80F9255FD7FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8496895A-A084-4439-8044-BC276B64584E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{419FF5B6-A7FB-42D6-ACA2-60FE5504239F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CC1EE8B-EB8D-4D37-B6D6-AAD07E4AA8F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6BAB5E81-0D8E-4B41-80CA-AC7175C1FF9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C83D8E5-2F63-4783-8B37-704C5471C880}D:\downloads\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\downloads\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{1110372E-4086-40B9-9B4C-25A0D3166F0F}D:\downloads\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\downloads\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{D0D32870-EBFC-4636-BB32-698FD0F6AEA8}] => (Allow) D:\Downloads\Steam\SteamApps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{31702959-1B75-450E-970D-B8A3E34F92C2}] => (Allow) D:\Downloads\Steam\SteamApps\common\DeadRealm\DeadRealm.exe
FirewallRules: [{C0BB324F-AFAD-4BBC-AB3B-ED3997531045}] => (Allow) D:\Downloads\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{41210616-53C1-44FF-AC4D-D025820C55BE}] => (Allow) D:\Downloads\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{7AC617A5-8E45-4857-AA82-31631696B79A}] => (Allow) D:\Downloads\Steam\SteamApps\common\MotoGP2014\MotoGP14X64.exe
FirewallRules: [{44B9E09F-C0B3-496A-8AEA-C2616C9AC276}] => (Allow) D:\Downloads\Steam\SteamApps\common\MotoGP2014\MotoGP14X64.exe
FirewallRules: [{4A5CA729-6D2A-4930-A20C-D4EA21334BE2}] => (Allow) D:\Downloads\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0A7AEF99-66E3-4DEA-AC4F-BF7A7771A017}] => (Allow) D:\Downloads\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{805C759B-4B4E-4D73-B822-C65E791E960C}] => (Allow) D:\Downloads\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{BD3CA3CC-1B11-414C-B29F-AF6F306E906A}] => (Allow) D:\Downloads\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{70593092-D9DD-4FA5-AF35-33BAEB41CBE9}D:\downloads\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\downloads\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9AC5EF46-2260-4799-A222-43EFEC81C41A}D:\downloads\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\downloads\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{95177AB6-AD78-4DAA-8856-B7DD203451D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A6E17A6-77C8-499F-95C4-99FAA6254C9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7B9113E4-1FD5-411C-9D72-C92AE0D9666A}D:\downloads\diablo iii\diablo iii.exe] => (Allow) D:\downloads\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{4971A107-625F-49CD-85B3-6C4F0B067410}D:\downloads\diablo iii\diablo iii.exe] => (Allow) D:\downloads\diablo iii\diablo iii.exe
FirewallRules: [{A46DF5E6-B22A-42C4-A13B-2678323C43C1}] => (Allow) D:\Downloads\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{FA314B76-7F3D-4E2A-9F09-74D31600F460}] => (Allow) D:\Downloads\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{8001037B-7255-43A2-ACFE-AC4591F3DE6A}] => (Allow) D:\Downloads\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0A90E6F7-320F-4C00-A6C0-AA170FA11E0F}] => (Allow) D:\Downloads\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D3F80FA2-C338-48AD-A03B-EC8E011B3413}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2016 11:28:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x5653d523
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2e611650
Faulting process ID: 0x698
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report ID: csgo.exe3
Faulting package full name: csgo.exe4
Faulting package-relative application ID: csgo.exe5
 
Error: (03/14/2016 06:38:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62077172
 
Error: (03/14/2016 06:38:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62077172
 
Error: (03/14/2016 06:38:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/12/2016 05:35:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.34.12400.0, time stamp: 0x56cebba9
Faulting module name: webio.dll, version: 6.3.9600.17415, time stamp: 0x545040e0
Exception code: 0xc0000409
Fault offset: 0x0000000000031035
Faulting process ID: 0x584
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report ID: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5
 
Error: (02/27/2016 08:18:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: csgo.exe, version: 0.0.0.0, time stamp: 0x5653d523
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x31721690
Faulting process ID: 0x1624
Faulting application start time: 0xcsgo.exe0
Faulting application path: csgo.exe1
Faulting module path: csgo.exe2
Report ID: csgo.exe3
Faulting package full name: csgo.exe4
Faulting package-relative application ID: csgo.exe5
 
Error: (02/26/2016 10:49:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8
 
Error: (02/26/2016 10:49:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (02/26/2016 10:49:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8
 
Error: (02/26/2016 10:49:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8
 
 
System errors:
=============
Error: (03/16/2016 09:00:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/16/2016 09:00:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-27 18:32:49.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:49.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:49.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:49.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:49.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:48.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:48.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:48.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:48.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-27 18:32:48.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16321.72 MB
Available physical RAM: 13134.96 MB
Total Virtual: 18753.72 MB
Available Virtual: 15337.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.45 GB) (Free:2.94 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HDD Storage 2.0TB) (Fixed) (Total:1863.01 GB) (Free:1456.15 GB) NTFS
Drive e: (GTA_SAN_ANDREAS) (CDROM) (Total:3.92 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7DE28D88)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9E540727)
Partition 1: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,204 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:19 AM

Posted 17 March 2016 - 07:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (Trend Micro Toolbar) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-20]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S1 ESEADriver2; \??\C:\Users\Dane\AppData\Local\Temp\ESEADriver2.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
Task: {122A341B-F0E1-4F16-AF70-68B0FFB9EB8B} - System32\Tasks\Origin => C:\Users\Dane\AppData\Roaming\Origin\update.vbe <==== ATTENTION
C:\Users\Dane\AppData\Roaming\Origin\update.vbe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Any remaining issues?

#5 Jayyyy


Posted 18 March 2016 - 02:40 AM

Sorry about the late reply, I was asleep and only just woke up.

 

Here is the fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Dane (2016-03-18 18:23:34) Run:1
Running from D:\Downloads
Loaded Profiles: Dane (Available Profiles: Dane & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (Trend Micro Toolbar) - C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-20]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S1 ESEADriver2; \??\C:\Users\Dane\AppData\Local\Temp\ESEADriver2.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
Task: {122A341B-F0E1-4F16-AF70-68B0FFB9EB8B} - System32\Tasks\Origin => C:\Users\Dane\AppData\Roaming\Origin\update.vbe <==== ATTENTION
C:\Users\Dane\AppData\Roaming\Origin\update.vbe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\Dane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => key removed successfully
Amsp => Unable to stop service.
Amsp => service could not remove
ESEADriver2 => service removed successfully
xhunter1 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{122A341B-F0E1-4F16-AF70-68B0FFB9EB8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{122A341B-F0E1-4F16-AF70-68B0FFB9EB8B}" => key removed successfully
C:\WINDOWS\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"C:\Users\Dane\AppData\Roaming\Origin\update.vbe" => not found.
EmptyTemp: => 342.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:24:04 ====
 
 
Uhm, it still seems my CPU is running quite high. And when I attempted to turn the computer off it wouldn't do anything for 15 minutes so I hit the reset button on the tower.
 
Also when my computer starts up it still BEEPS 3 times.
 
Thank you for your help and time.


#6 Jayyyy


Posted 18 March 2016 - 02:44 AM

Also I have these csrss.exe and services.exe files that run through task manager, I googled them and found them a part of the CPU miner. They are still running.



#7 nasdaq


Posted 18 March 2016 - 08:29 AM

Submit the files to VirusTotal.

https://www.virustotal.com/

Post the results if identified as bad.
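
The process names raised in post #6 are also the names of genuine Windows components, so the image path is what separates a real instance from a look-alike such as the files found under C:\Windows\Temp earlier in this topic. The PowerShell below is an added example, not part of the original posts or of FRST; it assumes that genuine copies load only from %SystemRoot%\System32 and that Get-FileHash is available (PowerShell 4 or later).

```powershell
# Added example (not from the thread): list every running process that uses one
# of the system-binary names mentioned above and report where its image lives.
# Assumption: genuine copies load only from %SystemRoot%\System32.

$names    = 'csrss.exe', 'services.exe'
$expected = Join-Path -Path $env:SystemRoot -ChildPath 'System32'
$filter   = ($names | ForEach-Object { "Name = '$_'" }) -join ' OR '

$procs = @(Get-CimInstance -ClassName Win32_Process -Filter $filter)

$report = foreach ($p in $procs) {
    $path    = $p.ExecutablePath
    $verdict = 'path not readable from this session (retry from an elevated prompt)'
    $sha256  = $null

    if (-not [string]::IsNullOrEmpty($path)) {
        $dir = Split-Path -Path $path -Parent
        # -eq on strings is case-insensitive, which matches Windows path semantics.
        if ($dir -eq $expected) { $verdict = 'expected location' }
        else                    { $verdict = 'UNEXPECTED LOCATION' }

        try {
            # Hash the on-disk image so it can be looked up without uploading it.
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch {
            $sha256 = "hash failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $p.ProcessId
        ParentPid = $p.ParentProcessId
        Session   = $p.SessionId
        Path      = $path
        Verdict   = $verdict
        SHA256    = $sha256
    }
}

$report | Sort-Object Name, ProcessId | Format-List

# services.exe normally runs as a single instance; more than one deserves a closer look.
$svcCount = @($procs | Where-Object { $_.Name -eq 'services.exe' }).Count
if ($svcCount -gt 1) {
    Write-Warning "$svcCount services.exe instances are running; normally there is one."
}
```

The SHA256 value can be searched on VirusTotal directly, which avoids uploading the file when the hash is already known there.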

#8 nasdaq


Posted 24 March 2016 - 09:41 AM

Are you still with me?



