
Possible spambot on my PC that keeps on getting my IP blacklisted


  • This topic is locked
16 replies to this topic

#1 Divinitybeyond


Posted 13 May 2016 - 06:50 PM

I am not too computer savvy, and English is not my language, but here goes:
 
My laptop was listed on many of the blacklist sites in whatismyipaddress. The reason behind this seems to be spam being sent from my computer. CBL (http://www.abuseat.org/lookup.cgi) said it could be a Kelihos/Hlux spambot infection. I only use this laptop for browsing the internet, YouTube and everything your average teenager uses it for, so I have no idea how this all happened. I wouldn't have minded at all but it's affecting me in two ways:
 
1) I cannot access PSN because of this. I was able to after I requested to be removed from the blacklists, but I am back to not being able to access PSN after the spam appeared again, apparently.
2) Until a month ago, somebody would constantly use my PayPal account to order items for himself. I got all my money back but it was such an inconvenience. I stopped accessing PayPal altogether on my laptop; I only use it on my phone now, and it's been fine ever since.
 
I look forward to your help :)
 
Edit - I should also mention that my email address was listed in haveibeenpwned, but I have since changed my password. I changed it again today just to be safe.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Asura (administrator) on SUNNY (13-05-2016 16:40:38)
Running from C:\Users\Asura\Downloads
Loaded Profiles: Asura (Available Profiles: Asura & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\pia_manager\pia_manager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Flux Software LLC) C:\Users\Asura\AppData\Local\FluxSoftware\Flux\flux.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(hxxp://www.ruby-lang.org/) C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-07-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7678280 2016-05-04] (SoftPerfect)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Run: [f.lux] => C:\Users\Asura\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\MountPoints2: {b3511b17-f49c-11e5-8281-28b2bd1040c7} - "F:\Setup.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{aacc0a55-1949-41c1-a1f2-edb2a561336c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{aacc0a55-1949-41c1-a1f2-edb2a561336c}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\Asura\AppData\Roaming\Mozilla\Firefox\Profiles\9p4wyr9m.default
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Asura\AppData\Roaming\Mozilla\Firefox\Profiles\9p4wyr9m.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR DefaultSearchKeyword: Default -> hush
CHR Profile: C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (uBlock Origin) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-04]
CHR Extension: (Google Search) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2016-05-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (RS Linkify) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodaipejgombneajbobileecedichlhn [2016-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Hover Zoom+) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-05-10]
CHR Extension: (Gmail) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-05-02] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2016-02-23] (Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [164864 2016-02-23] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-06-30] (ASUS Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-03] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72120 2016-01-14] (NetFilterSDK.com)
S3 NSTDUSB3; C:\Windows\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-13] (Zemana Ltd.)
S3 CMUAC; \SystemRoot\system32\DRIVERS\CMUAC.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-13 16:40 - 2016-05-13 16:41 - 00018036 _____ C:\Users\Asura\Downloads\FRST.txt
2016-05-13 14:16 - 2016-05-13 14:29 - 00247022 _____ C:\WINDOWS\ntbtlog.txt
2016-05-13 13:29 - 2016-05-13 16:40 - 00000000 ____D C:\FRST
2016-05-13 13:24 - 2016-05-13 13:29 - 02381312 _____ (Farbar) C:\Users\Asura\Downloads\FRST64.exe
2016-05-13 13:23 - 2016-05-13 13:23 - 00000279 _____ C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2016-05-13 13:17 - 2016-05-13 16:25 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-13 13:17 - 2016-05-13 13:55 - 00085872 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-13 13:16 - 2016-05-13 14:09 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-05-13 13:16 - 2016-05-13 13:16 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-05-13 13:16 - 2016-05-13 13:16 - 00000000 ____D C:\Users\Asura\AppData\Local\Zemana
2016-05-13 12:16 - 2016-05-13 12:16 - 00000000 ____D C:\KVRT_Data
2016-05-13 11:20 - 2016-05-09 16:23 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-05-13 11:18 - 2016-05-09 21:05 - 42924088 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 31625272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 25374776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 21380696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 20922648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 17777016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 17370400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 10566520 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 08673880 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 02258368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436519.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436519.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00887744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00753208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00000592 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-05-13 11:18 - 2016-05-09 21:05 - 00000592 _____ C:\WINDOWS\system32\nv-vk64.json
2016-05-13 10:09 - 2016-04-13 22:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-13 10:09 - 2016-04-13 22:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-11 10:30 - 2016-04-22 21:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:30 - 2016-04-22 21:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:30 - 2016-04-22 21:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:30 - 2016-04-22 21:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:30 - 2016-04-22 21:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:30 - 2016-04-22 21:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:30 - 2016-04-22 21:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:30 - 2016-04-22 21:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:30 - 2016-04-22 21:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:30 - 2016-04-22 21:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:30 - 2016-04-22 21:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:30 - 2016-04-22 21:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:29 - 2016-05-05 21:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 10:29 - 2016-05-05 21:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 10:29 - 2016-05-05 21:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 10:29 - 2016-05-05 20:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 10:29 - 2016-05-05 20:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 10:29 - 2016-05-05 20:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 10:29 - 2016-05-05 20:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:29 - 2016-05-05 20:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 10:29 - 2016-04-29 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 10:29 - 2016-04-29 23:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 10:29 - 2016-04-22 23:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 10:29 - 2016-04-22 23:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 10:29 - 2016-04-22 22:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 10:29 - 2016-04-22 22:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 10:29 - 2016-04-22 22:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 10:29 - 2016-04-22 22:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 10:29 - 2016-04-22 22:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 10:29 - 2016-04-22 22:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 10:29 - 2016-04-22 22:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 10:29 - 2016-04-22 22:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 10:29 - 2016-04-22 22:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:29 - 2016-04-22 22:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 10:29 - 2016-04-22 22:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 10:29 - 2016-04-22 22:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 10:29 - 2016-04-22 22:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 10:29 - 2016-04-22 22:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 10:29 - 2016-04-22 22:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 10:29 - 2016-04-22 22:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 10:29 - 2016-04-22 22:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 10:29 - 2016-04-22 22:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 10:29 - 2016-04-22 22:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:29 - 2016-04-22 21:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:29 - 2016-04-22 21:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:29 - 2016-04-22 21:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:29 - 2016-04-22 21:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:29 - 2016-04-22 21:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:29 - 2016-04-22 21:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:29 - 2016-04-22 21:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:29 - 2016-04-22 21:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:29 - 2016-04-22 21:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:29 - 2016-04-22 21:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:29 - 2016-04-22 21:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:29 - 2016-04-22 21:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-11 10:29 - 2016-04-22 21:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:29 - 2016-04-22 21:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:29 - 2016-04-22 21:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:29 - 2016-04-22 21:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:29 - 2016-04-22 21:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:29 - 2016-04-22 21:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:29 - 2016-04-22 21:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:29 - 2016-04-22 21:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:29 - 2016-04-22 21:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:29 - 2016-04-22 21:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:29 - 2016-04-22 21:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:29 - 2016-04-22 21:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:29 - 2016-04-22 21:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-11 10:29 - 2016-04-22 21:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:29 - 2016-04-22 21:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-11 10:29 - 2016-04-22 21:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:29 - 2016-04-22 21:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:29 - 2016-04-22 21:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:29 - 2016-04-22 21:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:29 - 2016-04-22 21:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:29 - 2016-04-22 21:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:29 - 2016-04-22 21:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:29 - 2016-04-22 21:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:29 - 2016-04-22 21:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:29 - 2016-04-22 21:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:29 - 2016-04-22 21:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:29 - 2016-04-22 21:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:29 - 2016-04-22 21:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:29 - 2016-04-22 20:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:29 - 2016-04-22 19:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:29 - 2016-04-22 19:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:29 - 2016-04-18 15:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 02:49 - 2016-05-13 14:05 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-05-11 02:49 - 2016-05-11 02:49 - 00000000 ____D C:\ProgramData\Caphyon
2016-05-11 02:43 - 2016-05-11 02:49 - 00000000 ____D C:\Users\Asura\AppData\Roaming\The Prince of Codes
2016-05-10 06:12 - 2016-05-10 06:12 - 00098498 _____ C:\ProgramData\1462885919.bdinstall.bin
2016-05-10 06:11 - 2016-05-10 06:11 - 00037669 _____ C:\ProgramData\1462885918.bdinstall.bin
2016-05-10 03:40 - 2016-05-10 03:41 - 00000000 ____D C:\NPE
2016-05-10 03:38 - 2016-05-10 03:45 - 00000000 ____D C:\Users\Asura\AppData\Local\NPE
2016-05-10 03:38 - 2016-05-10 03:38 - 00000000 ____D C:\ProgramData\Norton
2016-05-10 03:37 - 2016-05-10 03:38 - 03088296 _____ (Symantec Corporation) C:\Users\Asura\Downloads\NPE.exe
2016-05-09 12:09 - 2016-05-09 12:09 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-09 03:41 - 2016-05-09 03:41 - 00269356 _____ C:\ProgramData\1462790133.bdinstall.bin
2016-05-09 03:41 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-05-09 03:40 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SET2DC6.tmp
2016-05-09 03:35 - 2016-05-09 03:35 - 00000000 ____D C:\Users\Asura\AppData\Roaming\QuickScan
2016-05-09 03:29 - 2016-05-09 04:28 - 00000000 ____D C:\AdwCleaner
2016-05-09 03:22 - 2016-05-09 03:22 - 00000000 ____D C:\Users\Asura\AppData\Roaming\SUPERAntiSpyware.com
2016-05-09 03:21 - 2016-05-09 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-05-09 03:21 - 2016-05-09 03:21 - 00001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-05-08 11:58 - 2016-05-10 04:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-07 07:56 - 2016-05-07 07:56 - 00008886 _____ C:\Users\Asura\Documents\cc_20160507_075654.reg
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\Documents\budmraarz.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Roaming\plmunddnv.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Local\dgposbbsxi.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\aobpqnnqyl.dat
2016-05-05 02:13 - 2016-04-27 07:33 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436510.dll
2016-05-05 02:13 - 2016-04-27 07:33 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436510.dll
2016-05-03 19:23 - 2016-05-03 19:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 19:22 - 2016-05-03 19:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-04-23 12:06 - 2016-04-23 12:06 - 00001991 _____ C:\Users\Asura\Desktop\Ventrilo.lnk
2016-04-18 17:26 - 2016-05-13 14:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-18 13:35 - 2016-04-18 13:36 - 18447464 _____ (Microsoft Corporation) C:\Users\Asura\Downloads\MediaCreationTool.exe
2016-04-18 03:56 - 2016-04-18 03:56 - 00005568 _____ C:\Users\Asura\Documents\cc_20160418_035602.reg
2016-04-16 14:11 - 2016-04-16 14:11 - 00004360 _____ C:\Users\Asura\Documents\cc_20160416_141119.reg
2016-04-16 14:05 - 2016-04-16 14:05 - 00000000 ____D C:\SUPERDelete
2016-04-16 13:29 - 2016-04-16 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-16 13:08 - 2016-04-16 13:08 - 00000282 _____ C:\Users\Asura\Documents\cc_20160416_130845.reg
2016-04-16 13:07 - 2016-04-16 13:07 - 00005042 _____ C:\Users\Asura\Documents\cc_20160416_130658.reg
2016-04-16 13:06 - 2016-04-16 13:06 - 00297702 _____ C:\Users\Asura\Documents\cc_20160416_130626.reg
2016-04-16 12:59 - 2016-04-28 13:04 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-16 12:59 - 2016-04-16 12:59 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-04-16 12:59 - 2016-04-16 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-16 12:59 - 2016-04-16 12:59 - 00000000 ____D C:\Program Files\CCleaner
2016-04-16 12:58 - 2016-05-09 03:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-16 12:58 - 2016-04-16 12:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-16 12:22 - 2016-04-16 14:27 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-13 09:44 - 2016-03-29 03:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 09:44 - 2016-03-29 02:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 09:44 - 2016-03-29 01:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 09:44 - 2016-03-29 01:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 09:44 - 2016-03-29 01:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 09:44 - 2016-03-29 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 09:44 - 2016-03-29 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 09:44 - 2016-03-29 00:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 09:44 - 2016-03-29 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 09:44 - 2016-03-29 00:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 09:44 - 2016-03-29 00:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 09:44 - 2016-03-29 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 09:44 - 2016-03-29 00:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 09:44 - 2016-03-28 23:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 09:44 - 2016-03-28 23:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 09:43 - 2016-04-01 21:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 09:43 - 2016-04-01 21:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 09:43 - 2016-04-01 20:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 09:43 - 2016-04-01 20:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 09:43 - 2016-04-01 20:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 09:43 - 2016-03-29 03:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 09:43 - 2016-03-29 03:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 09:43 - 2016-03-29 03:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 09:43 - 2016-03-29 03:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 09:43 - 2016-03-29 03:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 09:43 - 2016-03-29 03:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 09:43 - 2016-03-29 02:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 09:43 - 2016-03-29 02:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 09:43 - 2016-03-29 02:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 09:43 - 2016-03-29 02:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 09:43 - 2016-03-29 01:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 09:43 - 2016-03-29 01:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 09:43 - 2016-03-29 01:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 09:43 - 2016-03-29 00:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 09:43 - 2016-03-29 00:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 09:43 - 2016-03-29 00:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 09:43 - 2016-03-29 00:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 09:43 - 2016-03-29 00:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 09:43 - 2016-03-29 00:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 09:43 - 2016-03-29 00:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 09:43 - 2016-03-29 00:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 09:43 - 2016-03-29 00:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 09:43 - 2016-03-29 00:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 09:43 - 2016-03-29 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 09:43 - 2016-03-29 00:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 09:43 - 2016-03-29 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 09:43 - 2016-03-29 00:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 09:43 - 2016-03-29 00:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 09:43 - 2016-03-29 00:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 09:43 - 2016-03-29 00:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 09:43 - 2016-03-29 00:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 09:43 - 2016-03-29 00:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 09:43 - 2016-03-29 00:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 09:43 - 2016-03-29 00:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 09:43 - 2016-03-28 23:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 09:43 - 2016-03-28 23:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 09:43 - 2016-03-28 23:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 09:43 - 2016-03-28 23:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 09:43 - 2016-03-28 23:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 09:43 - 2016-03-28 23:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 09:43 - 2016-03-28 23:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 09:43 - 2016-03-28 23:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 09:43 - 2016-03-28 23:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 09:43 - 2016-03-28 23:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 09:43 - 2016-03-28 23:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 09:43 - 2016-03-28 23:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 09:43 - 2016-03-28 23:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 09:43 - 2016-03-28 23:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 09:43 - 2016-03-28 23:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 09:43 - 2016-03-28 23:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 09:43 - 2016-03-28 23:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 09:43 - 2016-03-28 23:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 09:43 - 2016-03-28 23:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 09:43 - 2016-03-28 23:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 09:43 - 2016-03-28 23:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 09:43 - 2016-03-28 23:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 09:43 - 2016-03-28 22:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 09:43 - 2016-03-28 22:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 09:43 - 2016-03-28 22:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 09:43 - 2016-03-28 22:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 09:43 - 2016-03-28 22:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 09:43 - 2016-03-28 22:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 09:43 - 2016-03-28 22:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 09:42 - 2016-04-01 21:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 09:42 - 2016-04-01 21:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 09:42 - 2016-04-01 20:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 09:42 - 2016-04-01 20:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 09:42 - 2016-03-29 03:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 09:42 - 2016-03-29 03:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 09:42 - 2016-03-29 03:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 09:42 - 2016-03-29 03:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 09:42 - 2016-03-29 03:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 09:42 - 2016-03-29 02:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 09:42 - 2016-03-29 02:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 09:42 - 2016-03-29 02:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 09:42 - 2016-03-29 02:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 09:42 - 2016-03-29 02:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 09:42 - 2016-03-29 02:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 09:42 - 2016-03-29 02:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 09:42 - 2016-03-29 02:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 09:42 - 2016-03-29 02:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 09:42 - 2016-03-29 02:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 09:42 - 2016-03-29 01:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 09:42 - 2016-03-29 01:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 09:42 - 2016-03-29 01:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 09:42 - 2016-03-29 01:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 09:42 - 2016-03-29 01:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 09:42 - 2016-03-29 01:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 09:42 - 2016-03-29 01:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 09:42 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 09:42 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 09:42 - 2016-03-29 01:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 09:42 - 2016-03-29 01:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 09:42 - 2016-03-29 01:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 09:42 - 2016-03-29 01:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 09:42 - 2016-03-29 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 09:42 - 2016-03-29 00:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 09:42 - 2016-03-29 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 09:42 - 2016-03-29 00:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 09:42 - 2016-03-29 00:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 09:42 - 2016-03-29 00:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 09:42 - 2016-03-29 00:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 09:42 - 2016-03-29 00:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 09:42 - 2016-03-29 00:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 09:42 - 2016-03-29 00:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 09:42 - 2016-03-29 00:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 09:42 - 2016-03-29 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 09:42 - 2016-03-29 00:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 09:42 - 2016-03-29 00:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 09:42 - 2016-03-29 00:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 09:42 - 2016-03-29 00:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 09:42 - 2016-03-29 00:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 09:42 - 2016-03-29 00:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 09:42 - 2016-03-29 00:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 09:42 - 2016-03-29 00:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 09:42 - 2016-03-29 00:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 09:42 - 2016-03-29 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 09:42 - 2016-03-29 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 09:42 - 2016-03-29 00:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 09:42 - 2016-03-29 00:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 09:42 - 2016-03-29 00:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 09:42 - 2016-03-29 00:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 09:42 - 2016-03-29 00:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 09:42 - 2016-03-29 00:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 09:42 - 2016-03-29 00:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 09:42 - 2016-03-29 00:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 09:42 - 2016-03-29 00:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 09:42 - 2016-03-29 00:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 09:42 - 2016-03-29 00:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 09:42 - 2016-03-29 00:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 09:42 - 2016-03-29 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 09:42 - 2016-03-29 00:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 09:42 - 2016-03-29 00:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 09:42 - 2016-03-29 00:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 09:42 - 2016-03-29 00:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 09:42 - 2016-03-29 00:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 09:42 - 2016-03-29 00:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 09:42 - 2016-03-29 00:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 09:42 - 2016-03-29 00:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 09:42 - 2016-03-29 00:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 09:42 - 2016-03-29 00:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 09:42 - 2016-03-29 00:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 09:42 - 2016-03-29 00:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 09:42 - 2016-03-29 00:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 09:42 - 2016-03-29 00:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 09:42 - 2016-03-29 00:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 09:42 - 2016-03-29 00:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 09:42 - 2016-03-28 23:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 09:42 - 2016-03-28 23:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 09:42 - 2016-03-28 23:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 09:42 - 2016-03-28 23:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 09:42 - 2016-03-28 23:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 09:42 - 2016-03-28 23:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 09:42 - 2016-03-28 23:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 09:42 - 2016-03-28 23:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 09:42 - 2016-03-28 23:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 09:42 - 2016-03-28 23:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 09:42 - 2016-03-28 23:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 09:42 - 2016-03-28 23:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 09:42 - 2016-03-28 23:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 09:42 - 2016-03-28 23:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 09:42 - 2016-03-28 23:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 09:42 - 2016-03-28 23:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 09:42 - 2016-03-28 23:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 09:42 - 2016-03-28 23:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 09:42 - 2016-03-28 23:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 09:42 - 2016-03-28 23:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 09:42 - 2016-03-28 23:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 09:42 - 2016-03-28 23:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 09:42 - 2016-03-28 23:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 09:42 - 2016-03-28 23:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 09:42 - 2016-03-28 23:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 09:42 - 2016-03-28 22:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 09:42 - 2016-03-28 22:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 09:42 - 2016-03-28 22:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 09:42 - 2016-03-28 22:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 09:42 - 2016-03-28 22:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 09:42 - 2016-03-28 22:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 09:42 - 2016-03-28 22:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 09:42 - 2016-03-28 22:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-13 16:36 - 2016-01-28 21:20 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 16:27 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-13 16:26 - 2016-02-01 06:09 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-05-13 16:26 - 2016-01-28 21:20 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 16:25 - 2016-01-28 21:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-13 16:25 - 2016-01-28 20:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-13 16:24 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-13 14:30 - 2016-01-28 21:50 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 14:20 - 2016-02-07 09:26 - 00000000 ____D C:\Users\Asura\AppData\Local\ElevatedDiagnostics
2016-05-13 14:13 - 2016-01-28 20:53 - 00000000 ____D C:\Users\Asura
2016-05-13 14:06 - 2016-01-28 22:48 - 00000000 ____D C:\Users\Asura\AppData\Local\CrashDumps
2016-05-13 14:06 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-13 14:02 - 2016-03-08 08:24 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-13 14:02 - 2014-09-29 05:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-13 14:01 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 13:41 - 2016-01-29 01:40 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 13:40 - 2016-01-29 01:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 11:20 - 2016-03-08 12:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-13 11:20 - 2016-01-28 20:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-13 10:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-13 10:11 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\NVIDIA Corporation
2016-05-13 10:11 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\NVIDIA
2016-05-13 10:09 - 2016-02-08 02:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2B59605-8DB0-454D-8E99-12219A769792}
2016-05-12 21:58 - 2015-07-13 19:45 - 12643392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-12 15:37 - 2016-01-28 21:21 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 14:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-12 14:21 - 2016-01-28 22:38 - 00000000 ____D C:\Users\Asura\AppData\Roaming\qBittorrent
2016-05-11 17:03 - 2016-01-28 20:37 - 00262952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-11 17:01 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 17:01 - 2015-10-30 00:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 17:00 - 2016-01-28 21:33 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Skype
2016-05-11 15:21 - 2016-01-28 21:34 - 00000000 ___RD C:\Users\Asura\Desktop\Utorrent
2016-05-11 12:57 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 12:57 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:36 - 2016-01-28 21:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 03:42 - 2016-01-28 21:05 - 00922068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-11 02:47 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-10 13:31 - 2016-01-28 21:20 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 13:31 - 2016-01-28 21:20 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 04:45 - 2016-01-28 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-09 21:05 - 2016-03-28 20:59 - 17370472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-05-09 21:05 - 2016-01-28 22:44 - 14227696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-09 21:05 - 2016-01-28 22:44 - 03262968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 20078656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 17332320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-09 16:35 - 2016-01-28 22:46 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-09 16:35 - 2016-01-28 22:46 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 02993088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 01201600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-09 16:35 - 2016-01-28 20:50 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-07 14:24 - 2016-01-28 20:50 - 06423191 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-07 06:06 - 2016-03-07 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-05-07 06:06 - 2016-03-07 10:15 - 00000000 ____D C:\Program Files\NetWorx
2016-05-07 04:35 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-03 19:23 - 2016-03-08 12:41 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-05-03 19:22 - 2016-03-08 12:41 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-05-03 19:22 - 2016-03-08 12:41 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-05-03 19:22 - 2016-03-08 12:41 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-05-02 11:29 - 2016-01-28 22:48 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01377984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-05-01 14:16 - 2016-01-28 21:33 - 00000000 ____D C:\ProgramData\Skype
2016-05-01 14:15 - 2016-01-28 21:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-27 06:29 - 2016-01-28 21:48 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Advanced Combat Tracker
2016-04-27 06:28 - 2016-01-28 21:33 - 00000000 ____D C:\Program Files (x86)\Advanced Combat Tracker
2016-04-25 22:06 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\Packages
2016-04-23 12:14 - 2016-03-06 11:56 - 00000000 ____D C:\Users\Asura\AppData\Roaming\TS3Client
2016-04-23 12:12 - 2016-03-06 11:56 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-23 12:11 - 2016-01-30 19:10 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Mumble
2016-04-23 12:09 - 2016-01-28 21:37 - 00002276 _____ C:\Users\Asura\Desktop\Discord.lnk
2016-04-23 12:09 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-23 12:09 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Local\Discord
2016-04-23 12:08 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Local\SquirrelTemp
2016-04-22 00:57 - 2016-01-28 21:22 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-17 13:11 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-16 13:04 - 2016-04-03 07:31 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Ventrilo
2016-04-16 13:04 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-04-14 13:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 13:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 22:38 - 2014-09-29 05:11 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Files in the root of some directories =======

2016-05-06 07:01 - 2016-05-06 07:01 - 0163840 _____ () C:\Users\Asura\AppData\Roaming\plmunddnv.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 0163840 _____ () C:\Users\Asura\AppData\Local\dgposbbsxi.dat
2016-02-15 08:31 - 2016-03-07 10:17 - 0007598 _____ () C:\Users\Asura\AppData\Local\Resmon.ResmonCfg
2016-05-09 03:41 - 2016-05-09 03:41 - 0269356 _____ () C:\ProgramData\1462790133.bdinstall.bin
2016-05-10 06:11 - 2016-05-10 06:11 - 0037669 _____ () C:\ProgramData\1462885918.bdinstall.bin
2016-05-10 06:12 - 2016-05-10 06:12 - 0098498 _____ () C:\ProgramData\1462885919.bdinstall.bin
2016-01-28 20:50 - 2016-01-28 20:50 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-05-16 13:02 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\Asura\aobpqnnqyl.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-11 08:05

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Asura (2016-05-13 16:41:39)
Running from C:\Users\Asura\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-29 04:06:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2851657317-3328137084-1387818102-500 - Administrator - Disabled)
Asura (S-1-5-21-2851657317-3328137084-1387818102-1001 - Administrator - Enabled) => C:\Users\Asura
DefaultAccount (S-1-5-21-2851657317-3328137084-1387818102-503 - Limited - Disabled)
Guest (S-1-5-21-2851657317-3328137084-1387818102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2851657317-3328137084-1387818102-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0042 - ASUS)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Elgato Game Capture HD (64-bit) (HKLM\...\{12A21612-D563-4D79-813F-1784BE7343C2}) (Version: 3.00.117.1117 - Elgato Systems GmbH)
f.lux (HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Flux) (Version: - )
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mumble 1.2.15 (HKLM-x32\...\{6364CB48-2FFE-4205-ABF7-0F94BB50824E}) (Version: 1.2.15 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NetWorx 5.5.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
NVIDIA 3D Vision Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Thunderbolt™ Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel® Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Asura\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039139FA-8F54-4633-87DF-51FAA2443BF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1B0CA07F-7088-4C07-A832-A722A4320BFE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {221C0AAD-97B5-421D-BFEB-BC7C14B3C965} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {22209D04-97F0-40FD-A421-CBCE2D2590E4} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {3C36DFFC-7944-4DB2-A64B-F5F5816E0257} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {404DF4EB-E974-41DB-88EF-F68D0C0370CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4FF98854-9A47-45BF-9954-82E4C0703E64} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {5F3C59F1-14A3-40C1-A5E8-DB4AE8317A69} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {66C5D46F-482F-48CE-B2E2-DBEF96C6751F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {6BD6BE0F-71C8-4451-AB90-6F5256E5F2B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
Task: {6CC3ADC4-EDA9-4D87-AEEF-53B6BE3F89DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {6F0CC6F4-5BD9-484A-BB17-0D570DEB0652} - System32\Tasks\ASUS Win8Active => F:\wtp8.1\wtp\asus-wtp\bin\Win8Active.exe
Task: {716CFBEE-BEF1-477C-90F1-4B471CFBE4D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {71F610AF-CF8A-4310-8817-F7A2664E09AC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-09-02] (Realtek Semiconductor)
Task: {726F7481-FDA3-4FE4-A1B2-7DA257CDA646} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {7963A278-9E2E-409E-937A-2FCF05FB6A93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C6A93E9-F452-4970-842B-FF1F87809353} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {947D7335-43E6-47D3-BAEA-A4930B8D17CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A0A5576D-4811-49FB-9AF9-2C09209BB223} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A164A75A-F84E-466D-9572-00E818F89D5F} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {B2607392-3258-4BDA-8F6D-84A4FA8CD463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {B6D95DC8-7DC1-491B-A487-727A7DB11213} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {CB0BF74C-B51C-4FDB-9D02-7CB1CCD77C5E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)
Task: {D48FBF6B-DB86-492A-A89D-FAFB19318F04} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-03-14] ()
Task: {ECB9F133-0B76-492E-BE6E-CAE112081FF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EDCA758D-6C4C-47F1-A8A4-F9BBBD288206} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {FCEA7A97-47C8-424E-9587-B531D0D84189} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-28 20:50 - 2016-05-09 16:35 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-28 22:47 - 2016-05-02 11:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-28 22:47 - 2016-05-02 11:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-13 09:43 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-03 07:23 - 2016-05-02 11:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-03 07:23 - 2016-05-02 11:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-13 09:43 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 07604892 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-01-28 22:33 - 2016-01-28 22:33 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:29 - 2016-04-22 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:29 - 2016-04-22 20:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:29 - 2016-04-22 21:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-07 10:15 - 2016-04-10 22:57 - 00809984 _____ () C:\Program Files\NetWorx\sqlite.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2016-01-28 22:47 - 2016-05-02 11:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-13 16:26 - 2016-05-13 16:26 - 00012800 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00009728 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00014848 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00094208 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\src\rgloader\rgloader193.mswin.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00009216 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00094208 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00126976 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00087552 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00016384 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00127316 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\bin\libffi-6.dll
2016-05-13 16:26 - 2016-05-13 16:26 - 00008704 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00013312 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-05-13 16:26 - 2016-05-13 16:26 - 00095744 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00026624 _____ () C:\Users\Asura\AppData\Local\Temp\ocr3592.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00012800 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00009728 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00014848 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00094208 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\src\rgloader\rgloader193.mswin.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00094208 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00118784 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00069120 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00083968 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\bin\zlib1.dll
2016-05-13 16:27 - 2016-05-13 16:27 - 00026624 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00275968 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00015360 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00008192 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00009216 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00023552 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00008704 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00008704 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00008704 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00008704 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00036352 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00126976 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00087552 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00016384 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00127316 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\bin\libffi-6.dll
2016-05-13 16:27 - 2016-05-13 16:27 - 00013312 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00095744 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-05-13 16:27 - 2016-05-13 16:27 - 00026624 _____ () C:\Users\Asura\AppData\Local\Temp\ocr1BEA.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-03-14 10:06 - 2016-03-14 10:06 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2016-03-14 10:06 - 2016-03-14 10:06 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2014-09-29 05:16 - 2013-10-23 13:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\square-enix.com -> hxxps://square-enix.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-01-29 02:11 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Asura\Pictures\CHbVkdE.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Cm108BSound"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "ASUS ROG MacroKey"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DEC316B7-E6E3-457C-8EA8-42B16B5D473A}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{6F56A110-1A54-4DF5-AC58-FC66E7A587C3}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{60E84D37-91E5-41A3-A4F8-09FEC1945858}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{8C4B8193-2AC3-4D3D-BAA5-45F0E237B03D}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{6E93BF10-E8E2-4AB7-9E5C-B3BDAB8FCF6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{595B1544-B620-4C24-BAD3-50FDD9C223C4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CE02201A-C621-4A70-83B0-AC56AEDCA65B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{864C6DBF-B0D5-414C-AE27-299805D6E8BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13FDC197-B977-4D0C-BFA6-73B52319A6D9}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8E5A3571-14DC-4B5B-8B2F-C75998C20844}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{E49B081C-6ABC-4904-8469-77FBC8A33718}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{3C605D45-1EB0-4774-8FC5-255AD5B0F877}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{13BC2C34-CC76-4CF5-BD54-8FE867F6E093}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AEE9A405-B4D0-4119-A3E5-6D9C7C37CBE8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BB32385-9436-4104-9151-289D8688B4E4}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{73D3F0F9-7CBF-4F91-A107-8391C13CE2DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DF8FBF4-8D37-4EF0-BB75-825B02E3063E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0847CE79-A143-4E32-A41F-6874949251C4}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5C47D580-9B49-438F-B448-6345E98C5F23}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D416B986-062C-4D6A-8AB9-CF03C33781D0}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{22C2D4BE-F4CF-4378-ABFD-D92D70B6D752}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{168A2557-3568-47A2-B5AA-BB3A67BECE95}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{F6E0F35C-C919-4ED4-A1D3-3E586AC49C0B}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{0DBDA7D2-EF6C-4DE6-8005-B26250CE32C9}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{D3D883F3-DB44-4975-B90B-200964BA295D}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{0025222A-1A7D-4641-9FA3-8C9517462245}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{BD2ABE37-0008-4EA9-8D3F-B7896F16B346}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{25087B88-4123-496C-91C4-5F645579A63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{29B34078-9A6A-4264-B371-7B68CB117539}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C5062ABB-7FC0-4F01-8F6B-3A6E930F50BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D8E3783D-D179-4A69-B83A-5112542082EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2FF08365-5406-4428-AEFB-87805CB29F7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7872AEB-C4AF-4F40-B511-E01A3B470AA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5EB327FE-8492-4ECE-B77B-409FFBF9F154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2764D9B9-B00A-4C43-8140-3A6C5FC8280A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BB81DB9-DE16-412C-A7E6-03906B1C041A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82F56AF9-FABB-4588-9A62-AACC353399B5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{B99F417E-B4DB-456A-B289-6AA7FB306AA2}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{2D0DB3A9-B8E0-4520-A4E6-CA3B9A80897F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{14ECD963-5534-4C83-BA79-11BA2C88A18A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{758BC578-D9BD-4638-AC24-ED08A39D40BE}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{E02BDBE1-D945-4902-893F-889B25E3C6BE}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{DD70C4EA-CB91-42F7-9B89-E59177A8809D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC73CD4C-6094-43AB-B66C-C8EB25E2C10F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6B04B147-8DBB-419A-AF85-1C3B7D31D964}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{A5413C89-D8FA-483B-BA63-0087F7D26D82}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{A2095565-1B50-4051-8A74-6251BD01ECE0}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{8C82A3BE-6DF4-46C4-882B-075136B57636}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{985FF093-6E0D-4D9A-B659-43845566BBED}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D8F1A2DD-0F72-47F7-BBFC-922CE4F0A8AE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{ADC6F82D-E5C9-4E36-A444-D9446671FB44}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B98827C4-C667-474E-AA4F-4DB7202D11EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-05-2016 09:08:11 Scheduled Checkpoint
11-05-2016 02:48:48 Installed [PS3] Save Resigner
13-05-2016 13:33:22 Removed PS3XploderPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2016 04:19:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (05/13/2016 04:19:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (05/13/2016 04:17:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (05/13/2016 04:17:53 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (05/13/2016 04:17:53 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (05/13/2016 04:17:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/13/2016 02:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xb10
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (05/13/2016 02:09:01 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2832) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/13/2016 01:39:09 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sunny)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/13/2016 01:34:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (05/13/2016 04:24:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/13/2016 04:24:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/13/2016 04:24:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/13/2016 04:24:37 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/13/2016 04:24:34 PM) (Source: DCOM) (EventID: 10005) (User: Sunny)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2016-05-13 14:14:39.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-12 07:24:23.390
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 17:04:25.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 15:08:43.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-09 03:29:57.611
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-09 03:29:57.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-09 03:26:03.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-09 03:26:03.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-09 03:06:11.678
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-09 03:06:11.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16333.11 MB
Available physical RAM: 13783.39 MB
Total Virtual: 17357.11 MB
Available Virtual: 14437.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:138.72 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:120.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 761276FE)

Partition: GPT.

==================== End of Addition.txt ============================
==================== End of FRST.txt ============================

Edited by Oh My!, 16 May 2016 - 09:32 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:44 AM

Posted 16 May 2016 - 09:34 AM

Greetings Divinitybeyond and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me if you program using Ruby?

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\MountPoints2: {b3511b17-f49c-11e5-8281-28b2bd1040c7} - "F:\Setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S3 CMUAC; \SystemRoot\system32\DRIVERS\CMUAC.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\Documents\budmraarz.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Roaming\plmunddnv.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Local\dgposbbsxi.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\aobpqnnqyl.dat
2016-05-09 03:40 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SET2DC6.tmp
2016-05-09 03:41 - 2016-05-09 03:41 - 0269356 _____ () C:\ProgramData\1462790133.bdinstall.bin
2016-05-10 06:11 - 2016-05-10 06:11 - 0037669 _____ () C:\ProgramData\1462885918.bdinstall.bin
2016-05-10 06:12 - 2016-05-10 06:12 - 0098498 _____ () C:\ProgramData\1462885919.bdinstall.bin
C:\Users\Asura\aobpqnnqyl.dat
Task: {039139FA-8F54-4633-87DF-51FAA2443BF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {716CFBEE-BEF1-477C-90F1-4B471CFBE4D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {7963A278-9E2E-409E-937A-2FCF05FB6A93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {947D7335-43E6-47D3-BAEA-A4930B8D17CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {ECB9F133-0B76-492E-BE6E-CAE112081FF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • MTB.txt
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.
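The four .dat entries in the fixlist above share one creation minute and one size while sitting in four different profile folders. As an added example (not part of Gary's post and not FRST's own logic), this Python script groups FRST file-listing lines by creation time, size and extension to surface such clusters for review; the line layout (created, modified, size, attributes, optional company, path) and the thresholds are assumptions inferred from the lines in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout of an FRST file-listing line, inferred from this thread:
#   <created> - <modified> - <size> <attrs> [(company)] <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Lines copied from the fixlist in the post above (two non-file lines are
# included to show that other fixlist directives are skipped).
SAMPLE = r"""CloseProcesses:
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\Documents\budmraarz.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Roaming\plmunddnv.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Local\dgposbbsxi.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\aobpqnnqyl.dat
2016-05-09 03:40 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SET2DC6.tmp
2016-05-09 03:41 - 2016-05-09 03:41 - 0269356 _____ () C:\ProgramData\1462790133.bdinstall.bin
2016-05-10 06:11 - 2016-05-10 06:11 - 0037669 _____ () C:\ProgramData\1462885918.bdinstall.bin
2016-05-10 06:12 - 2016-05-10 06:12 - 0098498 _____ () C:\ProgramData\1462885919.bdinstall.bin
"""


def parse_listing(text):
    """Return one dict per file-listing line; any other line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": int(m["size"]),          # leading zeros are padding
            "company": m["company"],         # None when the field is absent
            "path": str(path),
            "dir": str(path.parent).lower(),
            "ext": path.suffix.lower(),
        })
    return entries


def find_clusters(entries, min_files=3, min_dirs=2):
    """Group by (created, size, extension) and keep groups that span
    several directories. The thresholds are assumptions; tune them."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["created"], e["size"], e["ext"])].append(e)

    clusters = []
    for (created, size, ext), members in sorted(groups.items()):
        dirs = {e["dir"] for e in members}
        if len(members) >= min_files and len(dirs) >= min_dirs:
            clusters.append({
                "created": created,
                "size": size,
                "ext": ext,
                "paths": sorted(e["path"] for e in members),
            })
    return clusters


if __name__ == "__main__":
    for c in find_clusters(parse_listing(SAMPLE)):
        print(f'{c["created"]}  {c["size"]} bytes  *{c["ext"]}')
        for p in c["paths"]:
            print("   ", p)
```

A cluster is only a prompt for review: installers can also write same-size files in one minute, so each path still needs checking before it goes into a fixlist.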

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Divinitybeyond

Divinitybeyond
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 16 May 2016 - 04:21 PM

Hi Gary, nice to meet you. :) My name is Sunny. Thank you for taking your time to help me with this problem. It is so awesome you guys do this.
 
Anyway, moving on, I should reply to the things you mentioned.
 
You asked if I program with Ruby. This is the first time I've heard about Ruby, so the answer is no. I also don't program.
 
Also, sorry about the torrenting. I actually use qBittorrent and only go for downloads that have good reputations. This is what happens when you don't get anything good on Netflix. Either way, I will stop for the time being like you suggested since I cannot part myself from it :(
 
Update on computer behavior: I honestly cannot tell. It never really felt slow/sluggish or I could never really tell if it was infected at all. I will definitely let you know if I notice anything though. I also deleted the two detected items in Rogue Killer. I hope that was what I was supposed to do but I didn't see it listed.
 
 
Fixlog.txt
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Asura (2016-05-16 13:38:25) Run:1
Running from C:\Users\Asura\Desktop
Loaded Profiles: Asura (Available Profiles: Asura & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\MountPoints2: {b3511b17-f49c-11e5-8281-28b2bd1040c7} - "F:\Setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S3 CMUAC; \SystemRoot\system32\DRIVERS\CMUAC.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\Documents\budmraarz.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Roaming\plmunddnv.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\AppData\Local\dgposbbsxi.dat
2016-05-06 07:01 - 2016-05-06 07:01 - 00163840 _____ C:\Users\Asura\aobpqnnqyl.dat
2016-05-09 03:40 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SET2DC6.tmp
2016-05-09 03:41 - 2016-05-09 03:41 - 0269356 _____ () C:\ProgramData\1462790133.bdinstall.bin
2016-05-10 06:11 - 2016-05-10 06:11 - 0037669 _____ () C:\ProgramData\1462885918.bdinstall.bin
2016-05-10 06:12 - 2016-05-10 06:12 - 0098498 _____ () C:\ProgramData\1462885919.bdinstall.bin
C:\Users\Asura\aobpqnnqyl.dat
Task: {039139FA-8F54-4633-87DF-51FAA2443BF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
Task: {716CFBEE-BEF1-477C-90F1-4B471CFBE4D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {7963A278-9E2E-409E-937A-2FCF05FB6A93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {947D7335-43E6-47D3-BAEA-A4930B8D17CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {ECB9F133-0B76-492E-BE6E-CAE112081FF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3511b17-f49c-11e5-8281-28b2bd1040c7}" => key removed successfully
HKCR\CLSID\{b3511b17-f49c-11e5-8281-28b2bd1040c7} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
CMUAC => service removed successfully
epp => service removed successfully
MBAMSwissArmy => service removed successfully
ZAM => service removed successfully
C:\Users\Asura\Documents\budmraarz.dat => moved successfully
C:\Users\Asura\AppData\Roaming\plmunddnv.dat => moved successfully
C:\Users\Asura\AppData\Local\dgposbbsxi.dat => moved successfully
C:\Users\Asura\aobpqnnqyl.dat => moved successfully
C:\WINDOWS\system32\Drivers\SET2DC6.tmp => moved successfully
C:\ProgramData\1462790133.bdinstall.bin => moved successfully
C:\ProgramData\1462885918.bdinstall.bin => moved successfully
C:\ProgramData\1462885919.bdinstall.bin => moved successfully
"C:\Users\Asura\aobpqnnqyl.dat" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{039139FA-8F54-4633-87DF-51FAA2443BF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039139FA-8F54-4633-87DF-51FAA2443BF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{716CFBEE-BEF1-477C-90F1-4B471CFBE4D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{716CFBEE-BEF1-477C-90F1-4B471CFBE4D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7963A278-9E2E-409E-937A-2FCF05FB6A93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7963A278-9E2E-409E-937A-2FCF05FB6A93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{947D7335-43E6-47D3-BAEA-A4930B8D17CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{947D7335-43E6-47D3-BAEA-A4930B8D17CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECB9F133-0B76-492E-BE6E-CAE112081FF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB9F133-0B76-492E-BE6E-CAE112081FF3}" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 13:38:34 ====

 
 
Roguekiller Log
 

 
RogueKiller V12.2.1.0 [May 16 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Asura [Administrator]
Started from : C:\Users\Asura\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/16/2016 13:58:09
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2851657317-3328137084-1387818102-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2851657317-3328137084-1387818102-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 804dcbf42f20d1df5c8d98ef9afc7a76
[BSP] 7ef091d5dfdeaf68b26644c5f3ec38f1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 381546 MB
4 - Basic data partition | Offset (sectors): 783718400 | Size: 550704 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911560192 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK

 
 
MTB.txt
 

 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Asura (administrator) on 16-05-2016 at 14:02:36
Running from "C:\Users\Asura\Desktop"
Microsoft Windows 10 Home  (X64)
Model: G751JT Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface=H subinterface=ethernet_32768 mtu=1450
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Sunny
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 38-2C-4A-5A-DD-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 28-B2-BD-10-40-C4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 28-B2-BD-10-40-C3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25e2:e1e:3419:53f7%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.10.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 16, 2016 1:40:39 PM
   Lease Expires . . . . . . . . . . : Monday, May 16, 2016 3:40:44 PM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DHCPv6 IAID . . . . . . . . . . . : 69776061
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-BB-00-C5-38-2C-4A-5A-DD-62
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 28-B2-BD-10-40-C7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3862:f37:49cd:bfb3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3862:f37:49cd:bfb3%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 402653184
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-BB-00-C5-38-2C-4A-5A-DD-62
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2404:6800:4007:806::200e
 216.58.197.78
 
 
Pinging google.com [216.58.196.110] with 32 bytes of data:
Reply from 216.58.196.110: bytes=32 time=144ms TTL=49
Reply from 216.58.196.110: bytes=32 time=143ms TTL=49
 
Ping statistics for 216.58.196.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 143ms, Maximum = 144ms, Average = 143ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=345ms TTL=41
Reply from 98.138.253.109: bytes=32 time=344ms TTL=41
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 344ms, Maximum = 345ms, Average = 344ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...38 2c 4a 5a dd 62 ......Realtek PCIe GBE Family Controller
 16...28 b2 bd 10 40 c4 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...28 b2 bd 10 40 c3 ......Intel® Dual Band Wireless-AC 7260
 12...28 b2 bd 10 40 c7 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1     192.168.10.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.10.0    255.255.255.0         On-link      192.168.10.8    281
     192.168.10.8  255.255.255.255         On-link      192.168.10.8    281
   192.168.10.255  255.255.255.255         On-link      192.168.10.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.10.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.10.8    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6abd:3862:f37:49cd:bfb3/128
                                    On-link
  4    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  4    281 fe80::25e2:e1e:3419:53f7/128
                                    On-link
  5    306 fe80::3862:f37:49cd:bfb3/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
**** End of log ****


Edited by Oh My!, 16 May 2016 - 04:39 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:44 AM

Posted 16 May 2016 - 04:47 PM

Greetings Sunny,

No problem on deleting the RogueKiller entries. Wasn't necessary but doesn't hurt.

There were some non-traditional files on your computer that we deleted. Since they were randomly named I don't know whether or not they were directly related to your current problems. They very well may have been. The other reports look good.

Please do this. You can copy and paste the information directly into the Reply screen. It is a little easier for me to review them that way.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
    Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Divinitybeyond

Posted 17 May 2016 - 08:36 AM

Hi Gary, here are the results:

 

ESET log

 

C:\Windows\System32\drivers\NFC_Driver.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting

 

 
 
Security Check Log
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox (46.0.1) 
 Google Chrome (50.0.2661.102) 
 Google Chrome (50.0.2661.94) 
 Google Chrome (SetupMetrics.pma..) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 



#6 Oh My!

Posted 17 May 2016 - 10:39 AM

That looks great.

Are there any remaining issues?
Gary
 

#7 Divinitybeyond

Posted 18 May 2016 - 08:32 AM

Hi Gary, I am still getting the captcha notifications on certain websites. I don't know if that means anything. Nothing out of the ordinary otherwise. 



#8 Oh My!

Posted 18 May 2016 - 08:53 AM

Those notifications are becoming more common and nothing to be concerned with unless there is other strange behavior associated with it.

I think we are all set now.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#9 Oh My!

Posted 19 May 2016 - 08:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 

#10 Oh My!

Posted 19 May 2016 - 02:25 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#11 Oh My!

Posted 19 May 2016 - 02:29 PM

Hi Sunny,

Please upload the information you would like me to review here. Post when it is submitted and we will go from there.


Gary
 

#12 Divinitybeyond

Posted 19 May 2016 - 06:35 PM

Hi Gary, as mentioned, these are the logs that came back from the IP blacklist sites.

 

**Logs deleted**


Edited by Oh My!, 19 May 2016 - 07:21 PM.


#13 Oh My!

Posted 19 May 2016 - 07:47 PM

Hi Sunny,

Thank you for the information.

Can you tell me the model number of your router?

Please run a FRST scan again and make sure Addition.txt is checked.

Please do this.

===================================================

Exporting TCP/IP Parameters

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e %userprofile%\desktop\look.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Router information
  • FRST reports (2)
  • Registry Key information

Gary
 

#14 Divinitybeyond

Posted 21 May 2016 - 07:41 AM

Hey Gary,
 
For the past 24 hours, I've isolated my laptop to be the only thing connected to the network and these blacklist sites are still getting updated spam reports in the past couple of hours. So, it's either my laptop or my router (?) 
 
But, here's the information you requested:
 
Router Information:
 
Digicom Zing Series 150 Mbps Wireless N Access Point 
Model No.- DG-5614T
Connection Type: PPPOE
 
 
FRST Report:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Asura (administrator) on SUNNY (21-05-2016 05:24:46)
Running from C:\Users\Asura\Desktop
Loaded Profiles: Asura (Available Profiles: Asura & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Flux Software LLC) C:\Users\Asura\AppData\Local\FluxSoftware\Flux\flux.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MPC-HC Team) C:\Program Files\Combined Community Codec Pack 64bit\MPC\mpc-hc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-07-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7678280 2016-05-04] (SoftPerfect)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Run: [f.lux] => C:\Users\Asura\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{aacc0a55-1949-41c1-a1f2-edb2a561336c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{aacc0a55-1949-41c1-a1f2-edb2a561336c}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Asura\AppData\Roaming\Mozilla\Firefox\Profiles\9p4wyr9m.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Asura\AppData\Roaming\Mozilla\Firefox\Profiles\9p4wyr9m.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-07]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.playstationtrophies.org/forum/dust-an-elysian-tail/249147-dust-elysian-tail-trophy-guide-roadmap.html
CHR DefaultSearchKeyword: Default -> hush
CHR Profile: C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (uBlock Origin) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-04]
CHR Extension: (Google Search) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2016-05-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (RS Linkify) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodaipejgombneajbobileecedichlhn [2016-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Hover Zoom+) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-05-20]
CHR Extension: (Gmail) - C:\Users\Asura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-05-02] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2016-02-23] (Microsoft Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [164864 2016-02-23] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-06-30] (ASUS Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-03] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R1 MpKsl46c42e33; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A77B675B-CBBE-47F8-B337-8E10FDF79EA5}\MpKsl46c42e33.sys [44928 2016-05-20] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72120 2016-01-14] (NetFilterSDK.com)
S3 NSTDUSB3; C:\Windows\System32\Drivers\cyusb.sys [47616 2011-10-18] (Cypress Semiconductor)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-16] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-13] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 05:24 - 2016-05-21 05:25 - 00018557 _____ C:\Users\Asura\Desktop\FRST.txt
2016-05-21 05:24 - 2016-05-21 05:24 - 00000000 ____D C:\FRST
2016-05-21 05:23 - 2016-05-21 05:24 - 02382336 _____ (Farbar) C:\Users\Asura\Desktop\FRST64.exe
2016-05-21 05:19 - 2016-05-21 05:19 - 00046462 _____ C:\Users\Asura\Desktop\look.txt
2016-05-19 16:35 - 2016-05-19 16:35 - 00000279 _____ C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2016-05-19 07:52 - 2016-05-20 23:57 - 00247868 _____ C:\WINDOWS\ntbtlog.txt
2016-05-19 07:48 - 2016-05-19 07:48 - 00001087 _____ C:\DelFix.txt
2016-05-19 07:48 - 2016-05-19 07:48 - 00000000 ____D C:\WINDOWS\ERUNT
2016-05-17 17:03 - 2016-05-17 17:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-05-17 04:45 - 2016-05-17 04:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-16 14:37 - 2016-05-16 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-16 14:37 - 2016-05-16 14:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-05-16 14:37 - 2016-05-16 14:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-05-16 13:46 - 2016-05-16 13:46 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-16 13:45 - 2016-05-16 14:01 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-13 13:17 - 2016-05-19 07:52 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-13 13:17 - 2016-05-13 13:55 - 00085872 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-13 13:16 - 2016-05-13 14:09 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-05-13 13:16 - 2016-05-13 13:16 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-05-13 13:16 - 2016-05-13 13:16 - 00000000 ____D C:\Users\Asura\AppData\Local\Zemana
2016-05-13 12:16 - 2016-05-13 12:16 - 00000000 ____D C:\KVRT_Data
2016-05-13 11:20 - 2016-05-09 16:23 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-05-13 11:18 - 2016-05-09 21:05 - 42924088 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 31625272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 25374776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 21380696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 20922648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 17777016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 17370400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 10566520 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 08673880 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 02258368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436519.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436519.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00887744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00786688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00753208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-05-13 11:18 - 2016-05-09 21:05 - 00000592 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-05-13 11:18 - 2016-05-09 21:05 - 00000592 _____ C:\WINDOWS\system32\nv-vk64.json
2016-05-13 10:09 - 2016-04-13 22:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-13 10:09 - 2016-04-13 22:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-11 10:30 - 2016-04-22 21:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:30 - 2016-04-22 21:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:30 - 2016-04-22 21:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:30 - 2016-04-22 21:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:30 - 2016-04-22 21:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:30 - 2016-04-22 21:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:30 - 2016-04-22 21:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:30 - 2016-04-22 21:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:30 - 2016-04-22 21:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:30 - 2016-04-22 21:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:30 - 2016-04-22 21:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:30 - 2016-04-22 21:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:29 - 2016-05-05 21:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 10:29 - 2016-05-05 21:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 10:29 - 2016-05-05 21:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 10:29 - 2016-05-05 20:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 10:29 - 2016-05-05 20:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 10:29 - 2016-05-05 20:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 10:29 - 2016-05-05 20:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:29 - 2016-05-05 20:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 10:29 - 2016-04-29 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 10:29 - 2016-04-29 23:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 10:29 - 2016-04-22 23:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 10:29 - 2016-04-22 23:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 10:29 - 2016-04-22 23:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 10:29 - 2016-04-22 22:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 10:29 - 2016-04-22 22:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 10:29 - 2016-04-22 22:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 10:29 - 2016-04-22 22:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 10:29 - 2016-04-22 22:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 10:29 - 2016-04-22 22:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 10:29 - 2016-04-22 22:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 10:29 - 2016-04-22 22:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 10:29 - 2016-04-22 22:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 10:29 - 2016-04-22 22:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:29 - 2016-04-22 22:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 10:29 - 2016-04-22 22:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 10:29 - 2016-04-22 22:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 10:29 - 2016-04-22 22:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 10:29 - 2016-04-22 22:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 10:29 - 2016-04-22 22:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 10:29 - 2016-04-22 22:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 10:29 - 2016-04-22 22:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 10:29 - 2016-04-22 22:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 10:29 - 2016-04-22 22:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 10:29 - 2016-04-22 22:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 10:29 - 2016-04-22 22:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 10:29 - 2016-04-22 22:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 10:29 - 2016-04-22 22:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 10:29 - 2016-04-22 22:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 10:29 - 2016-04-22 22:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 10:29 - 2016-04-22 22:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 10:29 - 2016-04-22 22:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:29 - 2016-04-22 22:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:29 - 2016-04-22 21:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:29 - 2016-04-22 21:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:29 - 2016-04-22 21:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:29 - 2016-04-22 21:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:29 - 2016-04-22 21:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:29 - 2016-04-22 21:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:29 - 2016-04-22 21:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:29 - 2016-04-22 21:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:29 - 2016-04-22 21:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:29 - 2016-04-22 21:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:29 - 2016-04-22 21:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:29 - 2016-04-22 21:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:29 - 2016-04-22 21:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:29 - 2016-04-22 21:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-11 10:29 - 2016-04-22 21:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:29 - 2016-04-22 21:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:29 - 2016-04-22 21:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:29 - 2016-04-22 21:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:29 - 2016-04-22 21:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:29 - 2016-04-22 21:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:29 - 2016-04-22 21:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:29 - 2016-04-22 21:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:29 - 2016-04-22 21:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:29 - 2016-04-22 21:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:29 - 2016-04-22 21:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:29 - 2016-04-22 21:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:29 - 2016-04-22 21:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:29 - 2016-04-22 21:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:29 - 2016-04-22 21:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:29 - 2016-04-22 21:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:29 - 2016-04-22 21:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-11 10:29 - 2016-04-22 21:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:29 - 2016-04-22 21:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:29 - 2016-04-22 21:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-11 10:29 - 2016-04-22 21:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:29 - 2016-04-22 21:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:29 - 2016-04-22 21:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:29 - 2016-04-22 21:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:29 - 2016-04-22 21:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:29 - 2016-04-22 21:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:29 - 2016-04-22 21:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:29 - 2016-04-22 21:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:29 - 2016-04-22 21:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:29 - 2016-04-22 21:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:29 - 2016-04-22 21:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:29 - 2016-04-22 21:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:29 - 2016-04-22 21:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:29 - 2016-04-22 21:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:29 - 2016-04-22 21:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:29 - 2016-04-22 21:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:29 - 2016-04-22 21:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:29 - 2016-04-22 21:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:29 - 2016-04-22 21:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:29 - 2016-04-22 21:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:29 - 2016-04-22 20:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:29 - 2016-04-22 19:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:29 - 2016-04-22 19:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:29 - 2016-04-18 15:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 02:49 - 2016-05-21 05:10 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-05-11 02:49 - 2016-05-11 02:49 - 00000000 ____D C:\ProgramData\Caphyon
2016-05-11 02:43 - 2016-05-11 02:49 - 00000000 ____D C:\Users\Asura\AppData\Roaming\The Prince of Codes
2016-05-10 03:40 - 2016-05-19 07:53 - 00000000 ____D C:\NPE
2016-05-10 03:38 - 2016-05-19 08:19 - 00000000 ____D C:\Users\Asura\AppData\Local\NPE
2016-05-10 03:38 - 2016-05-10 03:38 - 00000000 ____D C:\ProgramData\Norton
2016-05-09 12:09 - 2016-05-09 12:09 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-09 03:41 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-05-09 03:35 - 2016-05-09 03:35 - 00000000 ____D C:\Users\Asura\AppData\Roaming\QuickScan
2016-05-09 03:22 - 2016-05-09 03:22 - 00000000 ____D C:\Users\Asura\AppData\Roaming\SUPERAntiSpyware.com
2016-05-09 03:21 - 2016-05-09 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-05-09 03:21 - 2016-05-09 03:21 - 00001851 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-05-08 11:58 - 2016-05-10 04:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-07 07:56 - 2016-05-07 07:56 - 00008886 _____ C:\Users\Asura\Documents\cc_20160507_075654.reg
2016-05-05 02:13 - 2016-04-27 07:33 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436510.dll
2016-05-05 02:13 - 2016-04-27 07:33 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436510.dll
2016-05-03 19:23 - 2016-05-03 19:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 19:22 - 2016-05-03 19:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-04-23 12:06 - 2016-04-23 12:06 - 00001991 _____ C:\Users\Asura\Desktop\Ventrilo.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 04:36 - 2016-01-28 21:20 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 02:29 - 2016-02-08 02:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2B59605-8DB0-454D-8E99-12219A769792}
2016-05-20 23:54 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-20 14:20 - 2016-01-28 22:38 - 00000000 ____D C:\Users\Asura\AppData\Roaming\qBittorrent
2016-05-20 14:13 - 2016-01-28 21:34 - 00000000 ___RD C:\Users\Asura\Desktop\Utorrent
2016-05-20 13:36 - 2016-01-28 21:20 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 15:09 - 2016-01-29 01:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-19 07:54 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-19 07:53 - 2016-02-01 06:09 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-05-19 07:52 - 2016-01-28 21:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 07:52 - 2016-01-28 20:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-19 07:51 - 2016-01-28 21:33 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Skype
2016-05-19 07:51 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-18 00:48 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 17:05 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-16 14:56 - 2016-01-28 21:05 - 00922068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-16 14:56 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-16 13:40 - 2016-01-28 20:37 - 00262952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-16 13:38 - 2016-01-28 20:53 - 00000000 ____D C:\Users\Asura
2016-05-16 09:05 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-15 02:14 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 14:30 - 2016-01-28 21:50 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 14:20 - 2016-02-07 09:26 - 00000000 ____D C:\Users\Asura\AppData\Local\ElevatedDiagnostics
2016-05-13 14:17 - 2016-04-18 17:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-13 14:06 - 2016-01-28 22:48 - 00000000 ____D C:\Users\Asura\AppData\Local\CrashDumps
2016-05-13 14:02 - 2016-03-08 08:24 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-13 14:02 - 2014-09-29 05:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-13 14:01 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 13:41 - 2016-01-29 01:40 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 11:20 - 2016-03-08 12:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-13 11:20 - 2016-01-28 20:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-13 10:11 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\NVIDIA Corporation
2016-05-13 10:11 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\NVIDIA
2016-05-12 21:58 - 2015-07-13 19:45 - 12643392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-12 15:37 - 2016-01-28 21:21 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-11 17:01 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 17:01 - 2015-10-30 00:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 17:01 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 12:57 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 12:57 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 10:36 - 2016-01-28 21:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 13:31 - 2016-01-28 21:20 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 13:31 - 2016-01-28 21:20 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 04:45 - 2016-01-28 22:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-09 21:05 - 2016-03-28 20:59 - 17370472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-05-09 21:05 - 2016-01-28 22:44 - 14227696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-09 21:05 - 2016-01-28 22:44 - 03262968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 20078656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 17332320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 03685280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-09 21:05 - 2015-07-13 19:45 - 00038050 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-09 16:35 - 2016-01-28 22:46 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-09 16:35 - 2016-01-28 22:46 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 06369728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 02993088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 01201600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-09 16:35 - 2016-01-28 20:50 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-09 16:35 - 2016-01-28 20:50 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-09 03:22 - 2016-04-16 12:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-07 14:24 - 2016-01-28 20:50 - 06423191 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-07 06:06 - 2016-03-07 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-05-07 06:06 - 2016-03-07 10:15 - 00000000 ____D C:\Program Files\NetWorx
2016-05-03 19:23 - 2016-03-08 12:41 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-05-03 19:22 - 2016-03-08 12:41 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-05-03 19:22 - 2016-03-08 12:41 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-05-03 19:22 - 2016-03-08 12:41 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-05-02 11:29 - 2016-01-28 22:48 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01377984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-05-02 11:29 - 2014-09-29 05:12 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-05-01 14:16 - 2016-01-28 21:33 - 00000000 ____D C:\ProgramData\Skype
2016-05-01 14:15 - 2016-01-28 21:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-28 13:04 - 2016-04-16 12:59 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-27 06:29 - 2016-01-28 21:48 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Advanced Combat Tracker
2016-04-27 06:28 - 2016-01-28 21:33 - 00000000 ____D C:\Program Files (x86)\Advanced Combat Tracker
2016-04-25 22:06 - 2016-01-28 18:05 - 00000000 ____D C:\Users\Asura\AppData\Local\Packages
2016-04-23 12:14 - 2016-03-06 11:56 - 00000000 ____D C:\Users\Asura\AppData\Roaming\TS3Client
2016-04-23 12:12 - 2016-03-06 11:56 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-23 12:11 - 2016-01-30 19:10 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Mumble
2016-04-23 12:09 - 2016-01-28 21:37 - 00002276 _____ C:\Users\Asura\Desktop\Discord.lnk
2016-04-23 12:09 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-23 12:09 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Local\Discord
2016-04-23 12:08 - 2016-01-28 21:37 - 00000000 ____D C:\Users\Asura\AppData\Local\SquirrelTemp
2016-04-22 00:57 - 2016-01-28 21:22 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-02-15 08:31 - 2016-03-07 10:17 - 0007598 _____ () C:\Users\Asura\AppData\Local\Resmon.ResmonCfg
2016-01-28 20:50 - 2016-01-28 20:50 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-05-16 13:02 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\Asura\AppData\Local\Temp\namebench.exe
C:\Users\Asura\AppData\Local\Temp\python27.dll
C:\Users\Asura\AppData\Local\Temp\tcl85.dll
C:\Users\Asura\AppData\Local\Temp\tk85.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-11 08:05
 
==================== End of FRST.txt ============================
 
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Asura (2016-05-21 05:25:22)
Running from C:\Users\Asura\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-29 04:06:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2851657317-3328137084-1387818102-500 - Administrator - Disabled)
Asura (S-1-5-21-2851657317-3328137084-1387818102-1001 - Administrator - Enabled) => C:\Users\Asura
DefaultAccount (S-1-5-21-2851657317-3328137084-1387818102-503 - Limited - Disabled)
Guest (S-1-5-21-2851657317-3328137084-1387818102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2851657317-3328137084-1387818102-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0042 - ASUS)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Elgato Game Capture HD (64-bit) (HKLM\...\{12A21612-D563-4D79-813F-1784BE7343C2}) (Version: 3.00.117.1117 - Elgato Systems GmbH)
f.lux (HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\Flux) (Version:  - )
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mumble 1.2.15 (HKLM-x32\...\{6364CB48-2FFE-4205-ABF7-0F94BB50824E}) (Version: 1.2.15 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetWorx 5.5.3 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
NVIDIA 3D Vision Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Thunderbolt™ Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel® Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - non-standard.com(tsg-mfg) (NSTDUSB3) USB  (04/18/2014 3.4.7.001) (HKLM\...\AF14DC8D7C324C76B112C941194F10991F58B808) (Version: 04/18/2014 3.4.7.001 - non-standard.com(tsg-mfg))
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Asura\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B0CA07F-7088-4C07-A832-A722A4320BFE} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {221C0AAD-97B5-421D-BFEB-BC7C14B3C965} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {22209D04-97F0-40FD-A421-CBCE2D2590E4} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {3C36DFFC-7944-4DB2-A64B-F5F5816E0257} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {404DF4EB-E974-41DB-88EF-F68D0C0370CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4FF98854-9A47-45BF-9954-82E4C0703E64} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {5F3C59F1-14A3-40C1-A5E8-DB4AE8317A69} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {66C5D46F-482F-48CE-B2E2-DBEF96C6751F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {6BD6BE0F-71C8-4451-AB90-6F5256E5F2B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
Task: {6CC3ADC4-EDA9-4D87-AEEF-53B6BE3F89DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {6F0CC6F4-5BD9-484A-BB17-0D570DEB0652} - System32\Tasks\ASUS Win8Active => F:\wtp8.1\wtp\asus-wtp\bin\Win8Active.exe
Task: {71F610AF-CF8A-4310-8817-F7A2664E09AC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-09-02] (Realtek Semiconductor)
Task: {726F7481-FDA3-4FE4-A1B2-7DA257CDA646} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {8C6A93E9-F452-4970-842B-FF1F87809353} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {A0A5576D-4811-49FB-9AF9-2C09209BB223} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A164A75A-F84E-466D-9572-00E818F89D5F} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {B2607392-3258-4BDA-8F6D-84A4FA8CD463} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {B6D95DC8-7DC1-491B-A487-727A7DB11213} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {CB0BF74C-B51C-4FDB-9D02-7CB1CCD77C5E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)
Task: {D48FBF6B-DB86-492A-A89D-FAFB19318F04} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-03-14] ()
Task: {EDCA758D-6C4C-47F1-A8A4-F9BBBD288206} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {FCEA7A97-47C8-424E-9587-B531D0D84189} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-28 20:50 - 2016-05-09 16:35 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-28 22:47 - 2016-05-02 11:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-03 10:27 - 2016-05-02 11:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-28 22:47 - 2016-05-02 11:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-13 09:43 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 09:43 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-28 22:33 - 2016-01-28 22:33 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:29 - 2016-04-22 21:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-05-11 10:29 - 2016-04-22 21:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 10:29 - 2016-04-22 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 10:29 - 2016-04-22 20:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 10:29 - 2016-04-22 21:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-07 10:15 - 2016-04-10 22:57 - 00809984 _____ () C:\Program Files\NetWorx\sqlite.dll
2016-01-28 23:28 - 2015-10-04 20:12 - 00300544 _____ () C:\Program Files\Combined Community Codec Pack 64bit\Filters\LAVFilters\libbluray.dll
2016-03-28 16:19 - 2016-03-28 16:19 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-28 16:19 - 2016-03-28 16:19 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 18:19 - 2016-03-03 19:22 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-11 10:29 - 2016-04-22 21:24 - 00064512 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll
2016-04-03 07:23 - 2016-05-02 11:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-03 07:23 - 2016-05-02 11:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-01-28 22:47 - 2016-05-02 11:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-09-29 05:16 - 2013-10-23 13:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 15:37 - 2016-05-11 04:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\square-enix.com -> hxxps://square-enix.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-01-29 02:11 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Asura\Pictures\CHbVkdE.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Cm108BSound"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "ASUS ROG MacroKey"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2851657317-3328137084-1387818102-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DEC316B7-E6E3-457C-8EA8-42B16B5D473A}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{6F56A110-1A54-4DF5-AC58-FC66E7A587C3}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{60E84D37-91E5-41A3-A4F8-09FEC1945858}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{8C4B8193-2AC3-4D3D-BAA5-45F0E237B03D}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{6E93BF10-E8E2-4AB7-9E5C-B3BDAB8FCF6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{595B1544-B620-4C24-BAD3-50FDD9C223C4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CE02201A-C621-4A70-83B0-AC56AEDCA65B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{864C6DBF-B0D5-414C-AE27-299805D6E8BF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13FDC197-B977-4D0C-BFA6-73B52319A6D9}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{8E5A3571-14DC-4B5B-8B2F-C75998C20844}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{E49B081C-6ABC-4904-8469-77FBC8A33718}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{3C605D45-1EB0-4774-8FC5-255AD5B0F877}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{13BC2C34-CC76-4CF5-BD54-8FE867F6E093}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AEE9A405-B4D0-4119-A3E5-6D9C7C37CBE8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BB32385-9436-4104-9151-289D8688B4E4}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{73D3F0F9-7CBF-4F91-A107-8391C13CE2DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DF8FBF4-8D37-4EF0-BB75-825B02E3063E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0847CE79-A143-4E32-A41F-6874949251C4}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5C47D580-9B49-438F-B448-6345E98C5F23}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D416B986-062C-4D6A-8AB9-CF03C33781D0}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{22C2D4BE-F4CF-4378-ABFD-D92D70B6D752}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{168A2557-3568-47A2-B5AA-BB3A67BECE95}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{F6E0F35C-C919-4ED4-A1D3-3E586AC49C0B}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{0DBDA7D2-EF6C-4DE6-8005-B26250CE32C9}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{D3D883F3-DB44-4975-B90B-200964BA295D}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{0025222A-1A7D-4641-9FA3-8C9517462245}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{BD2ABE37-0008-4EA9-8D3F-B7896F16B346}] => (Allow) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
FirewallRules: [{25087B88-4123-496C-91C4-5F645579A63E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{29B34078-9A6A-4264-B371-7B68CB117539}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C5062ABB-7FC0-4F01-8F6B-3A6E930F50BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D8E3783D-D179-4A69-B83A-5112542082EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2FF08365-5406-4428-AEFB-87805CB29F7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7872AEB-C4AF-4F40-B511-E01A3B470AA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5EB327FE-8492-4ECE-B77B-409FFBF9F154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2764D9B9-B00A-4C43-8140-3A6C5FC8280A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BB81DB9-DE16-412C-A7E6-03906B1C041A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82F56AF9-FABB-4588-9A62-AACC353399B5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{B99F417E-B4DB-456A-B289-6AA7FB306AA2}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{2D0DB3A9-B8E0-4520-A4E6-CA3B9A80897F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{14ECD963-5534-4C83-BA79-11BA2C88A18A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{758BC578-D9BD-4638-AC24-ED08A39D40BE}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{E02BDBE1-D945-4902-893F-889B25E3C6BE}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{DD70C4EA-CB91-42F7-9B89-E59177A8809D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC73CD4C-6094-43AB-B66C-C8EB25E2C10F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6B04B147-8DBB-419A-AF85-1C3B7D31D964}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{A5413C89-D8FA-483B-BA63-0087F7D26D82}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{A2095565-1B50-4051-8A74-6251BD01ECE0}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{8C82A3BE-6DF4-46C4-882B-075136B57636}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{985FF093-6E0D-4D9A-B659-43845566BBED}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D8F1A2DD-0F72-47F7-BBFC-922CE4F0A8AE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{ADC6F82D-E5C9-4E36-A444-D9446671FB44}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B98827C4-C667-474E-AA4F-4DB7202D11EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-05-2016 07:48:30 End of disinfection
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/20/2016 11:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10788172
 
Error: (05/20/2016 11:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10788172
 
Error: (05/20/2016 11:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/20/2016 08:45:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2563
 
Error: (05/20/2016 08:45:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2563
 
Error: (05/20/2016 08:45:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/20/2016 08:45:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
 
Error: (05/20/2016 08:45:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1281
 
Error: (05/20/2016 08:45:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/20/2016 03:48:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (05/20/2016 11:58:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (05/20/2016 08:45:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/20/2016 05:34:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/19/2016 11:13:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (05/19/2016 09:35:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/19/2016 07:51:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_40852 service to connect.
 
Error: (05/19/2016 07:51:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_40852 service to connect.
 
Error: (05/19/2016 07:51:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_40852 service, but this action failed with the following error: 
%%1056
 
Error: (05/19/2016 07:51:32 AM) (Source: DCOM) (EventID: 10010) (User: Sunny)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/19/2016 07:51:32 AM) (Source: DCOM) (EventID: 10010) (User: Sunny)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
 
CodeIntegrity:
===================================
  Date: 2016-05-21 05:24:35.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-21 05:24:35.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-21 05:24:33.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-21 05:24:33.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:48:03.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:48:03.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:48:03.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:48:03.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:48:03.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-20 15:47:53.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16333.11 MB
Available physical RAM: 11358.83 MB
Total Virtual: 17357.11 MB
Available Virtual: 12043.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:98.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:120.66 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.49 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 761276FE)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
 
Registry Key Information
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"Domain"=""
"ForwardBroadcasts"=dword:00000000
"ICSDomain"="mshome.net"
"NameServer"=""
"SyncDomainWithMembership"=dword:00000001
"HostName"="Sunny"
"NV HostName"="Sunny"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"TcpMaxDataRetransmissions"=dword:00000007
"TcpTimedWaitDelay"=dword:0000001e
"Tcp1323Opts"=dword:00000000
"IPAutoconfigurationSubnet"="0.0.0.0"
"IPAutoconfigurationMask"="0.0.0.0"
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"IPEnableRouter"=dword:00000000
"EnableICMPRedirect"=dword:00000001
"DisableTaskOffload"=dword:00000001
"DhcpDomain"="domain.name"
"DhcpNameServer"="8.8.8.8 8.8.4.4"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}]
"LLInterface"=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8718928d-cbeb-45ea-a621-800a9249001d}]
"LLInterface"=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{95aa4dad-b897-4e4d-8797-a9eae06e93dc}]
"LLInterface"=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{aacc0a55-1949-41c1-a1f2-edb2a561336c}]
"LLInterface"=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{b6194d18-6ea8-40ad-b7c2-72c8f94c2b93}]
"LLInterface"=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"DhcpServer"="192.168.10.1"
"Lease"=dword:00001c20
"LeaseObtainedTime"=dword:57404960
"T1"=dword:57405770
"T2"=dword:574061fc
"LeaseTerminatesTime"=dword:57406580
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="74572757E676"
"TcpAckFrequency"=dword:00000001
"IPAddress"=hex(7):00,00
"SubnetMask"=hex(7):00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"DhcpIPAddress"="192.168.10.10"
"DhcpSubnetMask"="255.255.255.0"
"DhcpDomain"="domain.name"
"DhcpNameServer"="8.8.8.8 8.8.4.4"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,30,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,0a,01,06,00,00,00,a8,32,9a,00,b3,48
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}\3516D63757E676027416C61687970235630263133303]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"DhcpServer"="192.168.43.1"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:573a3924
"T1"=dword:573a402c
"T2"=dword:573a4572
"LeaseTerminatesTime"=dword:573a4734
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="3516D63757E676027416C61687970235630263133303"
"TcpAckFrequency"=dword:00000001
"IPAddress"=hex(7):00,00
"SubnetMask"=hex(7):00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"DhcpIPAddress"="192.168.43.166"
"DhcpSubnetMask"="255.255.255.0"
"DhcpNameServer"="192.168.43.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,34,\
  00,33,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,2b,01,06,00,00,00,e8,50,8b,4a,a4,f8
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}\4494749434F4D402D202A594E474]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"DhcpServer"="192.168.10.1"
"Lease"=dword:00001c20
"LeaseObtainedTime"=dword:572e0c40
"T1"=dword:572e1a50
"T2"=dword:572e24dc
"LeaseTerminatesTime"=dword:572e2860
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="4494749434F4D402D202A594E474"
"TcpAckFrequency"=dword:00000001
"IPAddress"=hex(7):00,00
"SubnetMask"=hex(7):00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"DhcpIPAddress"="192.168.10.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,\
  1a,2e,57,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,1a,2e,57,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,1a,2e,57,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,50,1a,2e,57,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,50,1a,2e,57,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,\
  1a,2e,57,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,1a,2e,57,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,1a,2e,57,0f,00,00,00,00,00,00,\
  00,0b,00,00,00,00,00,00,00,60,28,2e,57,64,6f,6d,61,69,6e,2e,6e,61,6d,65,00,\
  06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,60,28,2e,57,c0,a8,0a,01,03,\
  00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,60,28,2e,57,c0,a8,0a,01,01,00,\
  00,00,00,00,00,00,04,00,00,00,00,00,00,00,60,28,2e,57,ff,ff,ff,00,33,00,00,\
  00,00,00,00,00,04,00,00,00,00,00,00,00,60,28,2e,57,00,00,1c,20,36,00,00,00,\
  00,00,00,00,04,00,00,00,00,00,00,00,60,28,2e,57,c0,a8,0a,01,35,00,00,00,00,\
  00,00,00,01,00,00,00,00,00,00,00,60,28,2e,57,05,00,00,00
"DhcpDomain"="domain.name"
"DhcpNameServer"="192.168.10.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,30,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,0a,01,06,00,00,00,a8,32,9a,00,b3,48
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}\74572757E676027457563747]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"="8.8.8.8,8.8.4.4"
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"DhcpServer"="192.168.10.1"
"Lease"=dword:00001c20
"LeaseObtainedTime"=dword:56f8cd39
"T1"=dword:56f8db49
"T2"=dword:56f8e5d5
"LeaseTerminatesTime"=dword:56f8e959
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="74572757E676027457563747"
"TcpAckFrequency"=dword:00000001
"IPAddress"=hex(7):00,00
"SubnetMask"=hex(7):00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"DhcpIPAddress"="192.168.10.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,\
  db,f8,56,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,db,f8,56,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,db,f8,56,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,49,db,f8,56,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,49,db,f8,56,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,\
  db,f8,56,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,db,f8,56,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,db,f8,56,0f,00,00,00,00,00,00,\
  00,0b,00,00,00,00,00,00,00,59,e9,f8,56,64,6f,6d,61,69,6e,2e,6e,61,6d,65,00,\
  06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,59,e9,f8,56,c0,a8,0a,01,03,\
  00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,59,e9,f8,56,c0,a8,0a,01,01,00,\
  00,00,00,00,00,00,04,00,00,00,00,00,00,00,59,e9,f8,56,ff,ff,ff,00,33,00,00,\
  00,00,00,00,00,04,00,00,00,00,00,00,00,59,e9,f8,56,00,00,1c,20,36,00,00,00,\
  00,00,00,00,04,00,00,00,00,00,00,00,59,e9,f8,56,c0,a8,0a,01,35,00,00,00,00,\
  00,00,00,01,00,00,00,00,00,00,00,59,e9,f8,56,05,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,0a,01,06,00,00,00,a8,32,9a,00,b3,48
"DhcpGatewayHardwareCount"=dword:00000001
"DhcpDomain"="domain.name"
"DhcpNameServer"="192.168.10.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,30,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16f2a3a9-8a50-4f9f-9b18-8f267ee131ac}\C47402B494E474]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"DhcpServer"="192.168.1.1"
"Lease"=dword:0003f480
"LeaseObtainedTime"=dword:572f55c5
"T1"=dword:57315005
"T2"=dword:5732cbb5
"LeaseTerminatesTime"=dword:57334a45
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="C47402B494E474"
"TcpAckFrequency"=dword:00000001
"IPAddress"=hex(7):00,00
"SubnetMask"=hex(7):00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"DhcpIPAddress"="192.168.1.104"
"DhcpSubnetMask"="255.255.255.0"
"DhcpDomain"=""
"DhcpNameServer"="192.168.1.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,\
  a7,30,57,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,a7,30,57,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,a7,30,57,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,45,a7,30,57,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,45,a7,30,57,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,\
  a7,30,57,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,a7,30,57,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,a7,30,57,36,00,00,00,00,00,00,\
  00,04,00,00,00,00,00,00,00,45,4a,33,57,c0,a8,01,01,33,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,45,4a,33,57,00,03,f4,80,3b,00,00,00,00,00,00,00,04,\
  00,00,00,00,00,00,00,45,4a,33,57,00,03,75,f0,3a,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,45,4a,33,57,00,01,fa,40,0f,00,00,00,00,00,00,00,01,00,00,\
  00,00,00,00,00,45,4a,33,57,00,00,00,00,06,00,00,00,00,00,00,00,04,00,00,00,\
  00,00,00,00,45,4a,33,57,c0,a8,01,01,03,00,00,00,00,00,00,00,04,00,00,00,00,\
  00,00,00,45,4a,33,57,c0,a8,01,01,01,00,00,00,00,00,00,00,04,00,00,00,00,00,\
  00,00,45,4a,33,57,ff,ff,ff,00,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,45,4a,33,57,05,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,01,01,06,00,00,00,f8,1a,67,51,b2,fd
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"TcpAckFrequency"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89fc780b-c639-11e5-a5a7-806e6f6e6963}]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95aa4dad-b897-4e4d-8797-a9eae06e93dc}]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"TcpAckFrequency"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aacc0a55-1949-41c1-a1f2-edb2a561336c}]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"="8.8.8.8,8.8.4.4"
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"TcpAckFrequency"=dword:00000001
"DhcpIPAddress"="192.168.10.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.10.1"
"Lease"=dword:00001c20
"LeaseObtainedTime"=dword:5736fb12
"T1"=dword:57370922
"T2"=dword:573713ae
"LeaseTerminatesTime"=dword:57371732
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpDomain"="domain.name"
"DhcpNameServer"="8.8.8.8 8.8.4.4"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,30,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,\
  09,37,57,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,09,37,57,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,09,37,57,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,22,09,37,57,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,22,09,37,57,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,\
  09,37,57,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,09,37,57,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,22,09,37,57,0f,00,00,00,00,00,00,\
  00,0b,00,00,00,00,00,00,00,32,17,37,57,64,6f,6d,61,69,6e,2e,6e,61,6d,65,00,\
  06,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,32,17,37,57,08,08,08,08,08,\
  08,04,04,03,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,32,17,37,57,c0,a8,\
  0a,01,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,32,17,37,57,ff,ff,ff,\
  00,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,32,17,37,57,00,00,1c,20,\
  36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,32,17,37,57,c0,a8,0a,01,35,\
  00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,32,17,37,57,05,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,0a,01,06,00,00,00,a8,32,9a,00,b3,48
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b6194d18-6ea8-40ad-b7c2-72c8f94c2b93}]
"EnableDHCP"=dword:00000001
"Domain"=""
"NameServer"=""
"UseZeroBroadcast"=dword:00000000
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"MTU"=dword:00000000
"TcpAckFrequency"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NsiObjectSecurity]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"ProviderGUID"=hex:a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92
"OfflineCapable"=dword:00000001
"Mapping"=hex:08,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
  00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,02,00,\
  00,00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,\
  00,00,00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,ff,00,00,00,02,00,00,00,\
  03,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\0]
"Version"=dword:00000002
"AddressFamily"=dword:00000002
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"SocketType"=dword:00000001
"Protocol"=dword:00000006
"ProtocolMaxOffset"=dword:00000000
"ByteOrder"=dword:00000000
"MessageSize"=dword:00000000
"szProtocol"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,6d,00,73,00,77,00,73,00,6f,00,63,00,6b,00,2e,00,64,00,6c,00,6c,00,2c,\
  00,2d,00,36,00,30,00,31,00,30,00,30,00
"ProviderFlags"=dword:00000008
"ServiceFlags"=dword:00020066
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\1]
"Version"=dword:00000002
"AddressFamily"=dword:00000002
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"SocketType"=dword:00000002
"Protocol"=dword:00000011
"ProtocolMaxOffset"=dword:00000000
"ByteOrder"=dword:00000000
"MessageSize"=dword:0000fff7
"szProtocol"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,6d,00,73,00,77,00,73,00,6f,00,63,00,6b,00,2e,00,64,00,6c,00,6c,00,2c,\
  00,2d,00,36,00,30,00,31,00,30,00,31,00
"ProviderFlags"=dword:00000008
"ServiceFlags"=dword:00020609
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\2]
"Version"=dword:00000002
"AddressFamily"=dword:00000002
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"SocketType"=dword:00000003
"Protocol"=dword:00000000
"ProtocolMaxOffset"=dword:000000ff
"ByteOrder"=dword:00000000
"MessageSize"=dword:00008000
"szProtocol"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,6d,00,73,00,77,00,73,00,6f,00,63,00,6b,00,2e,00,64,00,6c,00,6c,00,2c,\
  00,2d,00,36,00,30,00,31,00,30,00,32,00
"ProviderFlags"=dword:0000000c
"ServiceFlags"=dword:00020609
 


#15 Oh My!

Posted 21 May 2016 - 02:24 PM

Greetings,

Yes, this might be caused by your router. First, I would like to do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

    Folder: C:\WINDOWS\SysWOW64\AI_RecycleBin
    Folder: C:\ProgramData\Caphyon

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check for malicious site activity
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Chrome related behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



