
Do I have a virus?


  • This topic is locked
22 replies to this topic

#1 Nyjal-

Nyjal-

  • Members
  • 42 posts

Posted 13 August 2016 - 09:52 PM

taskhost.exe is always being created there:

C:\Users\Daniel\AppData\Local\Microsoft Windows

and Avast removes it automatically,

and it creates a taskhost.exe.config.

Please tell me what I need to remove all this crap.

Please...




 


#2 Nyjal-

Nyjal-
  • Topic Starter

  • Members
  • 42 posts

Posted 13 August 2016 - 10:10 PM

ASWMBR Log

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-08-14 10:50:48
-----------------------------
10:50:48.941    OS Version: Windows x64 6.2.9200 
10:50:48.941    Number of processors: 8 586 0x3C03
10:50:48.942    ComputerName: DANIEL  UserName: Daniel
10:50:49.237    Initialize success
10:50:49.240    VM: initialized successfully
10:50:49.241    VM: Intel CPU supported virtualized 
10:50:52.382    VM: disk I/O iaStorA.sys
10:50:59.981    AVAST engine defs: 16081301
10:51:18.788    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000039
10:51:18.789    Disk 0 Vendor: ST2000VX000-1ES164 CV26 Size: 1907729MB BusType: 11
10:51:19.068    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003a
10:51:19.070    Disk 1 Vendor: KINGSTON_SV300S37A120G 603ABBF0 Size: 114473MB BusType: 11
10:51:19.075    Disk 1 MBR read successfully
10:51:19.076    Disk 1 MBR scan
10:51:19.081    Disk 1 Windows 7 default MBR code
10:51:19.083    Disk 1 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
10:51:19.085    Disk 1 Partition 2 00     07      HPFS/NTFS NTFS       113921 MB offset 206848
10:51:19.088    Disk 1 Partition 3 00     27 Hidden NTFS WinRE NTFS          450 MB offset 233517056
10:51:19.095    Disk 1 scanning C:\WINDOWS\system32\drivers
10:51:20.201    Service scanning
10:51:23.289    Modules scanning
10:51:23.291    Disk 1 trace - called modules:
10:51:23.300    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
10:51:23.303    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffff828d7eaea060]
10:51:23.305    3 CLASSPNP.SYS[fffff8049f155eeb] -> nt!IofCallDriver -> [0xffff828d7c5d8c40]
10:51:23.312    5 ACPI.sys[fffff8049e484571] -> nt!IofCallDriver -> [0xffff828d7c5d5e40]
10:51:23.314    7 ACPI.sys[fffff8049e484571] -> nt!IofCallDriver -> \Device\0000003a[0xffff828d7c5dd060]
10:51:23.523    AVAST engine scan C:\WINDOWS
10:51:23.964    AVAST engine scan C:\WINDOWS\system32
10:51:29.122    Disk 1 statistics 108040/0/0 @ 32.48 MB/s
10:51:29.125    Scan stopped
10:51:31.483    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000039
10:51:31.485    Disk 0 Vendor: ST2000VX000-1ES164 CV26 Size: 1907729MB BusType: 11
10:51:31.489    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003a
10:51:31.492    Disk 1 Vendor: KINGSTON_SV300S37A120G 603ABBF0 Size: 114473MB BusType: 11
10:51:31.503    Disk 1 MBR read successfully
10:51:31.504    Disk 1 MBR scan
10:51:31.508    Disk 1 Windows 7 default MBR code
10:51:31.510    Disk 1 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
10:51:31.520    Disk 1 Partition 2 00     07      HPFS/NTFS NTFS       113921 MB offset 206848
10:51:31.522    Disk 1 Partition 3 00     27 Hidden NTFS WinRE NTFS          450 MB offset 233517056
10:51:31.529    Disk 1 scanning C:\WINDOWS\system32\drivers
10:51:32.051    Service scanning
10:51:34.861    Modules scanning
10:51:34.864    Disk 1 trace - called modules:
10:51:34.871    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
10:51:34.873    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffff828d7eaea060]
10:51:34.875    3 CLASSPNP.SYS[fffff8049f155eeb] -> nt!IofCallDriver -> [0xffff828d7c5d8c40]
10:51:34.877    5 ACPI.sys[fffff8049e484571] -> nt!IofCallDriver -> [0xffff828d7c5d5e40]
10:51:34.885    7 ACPI.sys[fffff8049e484571] -> nt!IofCallDriver -> \Device\0000003a[0xffff828d7c5dd060]
10:51:35.084    AVAST engine scan C:\
11:07:45.167    Disk 1 statistics 8404234/0/0 @ 9.19 MB/s
11:07:45.170    Scan finished successfully
11:10:31.148    Disk 1 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
11:10:31.165    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"


#3 Nyjal-

Nyjal-
  • Topic Starter

  • Members
  • 42 posts

Posted 14 August 2016 - 08:34 AM

BUMPERINOOOOOOOOOOOOO



#4 Nyjal-

Nyjal-
  • Topic Starter

  • Members
  • 42 posts

Posted 16 August 2016 - 01:54 AM

BUMPERINOOOOOOOOOOOOO



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 17 August 2016 - 02:50 PM

Greetings Nyjal- and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 19 August 2016 - 09:08 AM

Greetings,

I see you checked in yesterday but have not replied. Do you still need help?
Gary
 

#7 Nyjal-

Nyjal-
  • Topic Starter

  • Members
  • 42 posts

Posted 19 August 2016 - 10:12 AM

Greetings,

I see you checked in yesterday but have not replied. Do you still need help?

I'm sorry, I was busy yesterday, it's exam week, sorry :( I'll get back to you ASAP, please?



#8 Nyjal-

Nyjal-
  • Topic Starter

  • Members
  • 42 posts

Posted 19 August 2016 - 10:23 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Daniel (administrator) on DANIEL (19-08-2016 23:21:01)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
() D:\Program Files\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() D:\Program Files\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Hammer & Chisel, Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\Discord.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe
(Hammer & Chisel, Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\Discord.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hammer & Chisel, Inc.) C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\Discord.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-01] (Microsoft Corporation)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-11-10] (Tonec Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-17] (Valve Corporation)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [GarenaPlus] => D:\Program Files\Garena Plus\GarenaMessenger.exe [9856352 2016-07-01] ()
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Spotify] => C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-17] (Piriform Ltd)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Run: [Discord] => C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {a3720b70-681e-11e5-be82-448a5b9ac8ba} - "I:\setup.exe" 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {da43d440-c40e-11e5-bfc9-448a5b9ac8ba} - "G:\setup.exe" 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-11] (AVAST Software)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-903814144-441885261-1225124989-1001] => 180.250.187.4:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [DhcpNameServer] 114.108.195.1 114.108.193.201
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-05-26] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> D:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-03-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Daniel\AppData\Roaming\IDM\idmmzcc5 [2016-08-19] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-08]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-08]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (uBlock Origin) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-12]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-18]
CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-11]
CHR Extension: (IDM Integration Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [823136 2016-07-16] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-14] ()
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [337408 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_37481; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_37481; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [232208 2016-06-15] (EasyAntiCheat Ltd)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [803840 2016-07-16] (Microsoft Corporation)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [37328 2015-12-16] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2015-10-16] (Micro-Star INT'L CO., LTD.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-08-09] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2189840 2016-08-09] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-12-13] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [141312 2016-07-16] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614912 2016-07-16] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_37481; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_37481; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [126304 2016-07-16] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [157024 2016-07-16] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [141152 2016-07-16] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-01] (Disc Soft Ltd)
S3 GGSAFERDriver; D:\Program Files\Garena Plus\Room\safedrv.sys [27744 2016-07-15] ()
R3 gkernel; D:\Temp\gkernel.sys [44544 2016-08-19] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-07-16] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel® Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2015-11-25] (Highresolution Enterprises [www.highrez.co.uk])
R0 iorate; C:\Windows\System32\drivers\iorate.sys [45920 2016-07-16] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [179040 2016-07-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
U5 rzudd; C:\Windows\System32\Drivers\rzudd.sys [202952 2015-08-13] (Razer Inc)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2015-12-29] (Splashtop Inc.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [40288 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-07-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [21184 2016-07-29] ()
S3 X6va063; \??\C:\WINDOWS\SysWOW64\Drivers\X6va063 [29016 2016-08-03] ()
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-07-23] (Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [19176 2016-07-14] ()
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 cpuz139; \??\D:\Temp\cpuz139\cpuz139_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:21 - 2016-08-19 23:21 - 00029716 _____ C:\Users\Daniel\Desktop\FRST.txt
2016-08-19 23:20 - 2016-08-19 23:21 - 00000000 ____D C:\FRST
2016-08-19 23:19 - 2016-08-19 23:20 - 02394624 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2016-08-15 17:34 - 2016-08-15 17:34 - 00000222 _____ C:\Users\Daniel\Desktop\Evolve Stage 2.url
2016-08-15 12:08 - 2016-08-15 12:08 - 00000000 ____D C:\Users\Daniel\Desktop\No.Mans.Sky.v1.0.Plus.25.Trainer-FLiNG
2016-08-14 11:11 - 2016-08-14 11:13 - 00000000 ____D C:\AdwCleaner
2016-08-14 11:04 - 2016-08-14 11:04 - 03929376 _____ (Carifred) C:\Users\Daniel\Desktop\TechToolStore.exe
2016-08-14 10:23 - 2016-08-14 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-14 10:14 - 2016-08-14 18:06 - 00001213 _____ C:\Users\Daniel\Desktop\No Mans Sky.lnk
2016-08-14 06:14 - 2016-08-14 06:14 - 00000000 ____D C:\WINDOWS\Panther
2016-08-13 19:07 - 2016-08-13 19:07 - 00000000 ____D C:\Users\Daniel\Documents\Bandicam
2016-08-13 16:28 - 2016-07-11 10:34 - 01887800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvCamera64.dll
2016-08-13 16:28 - 2016-07-11 10:34 - 01595840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvCamera32.dll
2016-08-13 16:28 - 2016-07-11 06:37 - 00127424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-13 16:27 - 2016-08-13 16:27 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-08-13 16:27 - 2016-08-13 16:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-13 16:27 - 2016-07-11 10:34 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-08-13 16:27 - 2016-05-04 10:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-13 16:27 - 2016-05-04 10:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-13 16:27 - 2016-05-04 10:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-13 16:27 - 2016-05-04 10:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-13 16:26 - 2016-07-16 02:15 - 01579976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-08-13 16:26 - 2016-07-16 02:15 - 00214592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-08-13 16:26 - 2016-07-16 02:15 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 31680568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 25442240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 17463992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 10700592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 10656296 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 10243600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 09028360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 08742360 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 08622576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 02868160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 02497984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00999872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00930360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00909248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00852024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00801792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00694488 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00644184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00642440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00612064 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00583920 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00563856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00462904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00444472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00413488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00393152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00383936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00345800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00153232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-08-13 16:26 - 2016-07-11 10:34 - 00131584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-08-13 10:29 - 2016-08-13 10:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HelloGames
2016-08-11 11:34 - 2016-08-12 13:57 - 00000617 _____ C:\Users\Daniel\Desktop\codex.txt
2016-08-11 09:50 - 2016-08-11 20:48 - 00000000 ____D C:\Users\Daniel\Desktop\mmmmu
2016-08-10 13:08 - 2016-08-10 13:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Publish Providers
2016-08-10 06:57 - 2016-08-02 16:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 06:57 - 2016-08-02 16:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 06:57 - 2016-08-02 16:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 06:57 - 2016-08-02 15:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 06:57 - 2016-08-02 15:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 06:57 - 2016-08-02 12:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 06:57 - 2016-08-02 12:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-10 06:57 - 2016-08-02 12:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 06:57 - 2016-08-02 12:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-10 06:57 - 2016-08-02 12:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 06:57 - 2016-08-02 12:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 06:57 - 2016-08-02 12:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 06:57 - 2016-08-02 12:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 06:57 - 2016-08-02 12:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-10 06:56 - 2016-08-02 16:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 06:56 - 2016-08-02 16:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 06:56 - 2016-08-02 16:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 06:56 - 2016-08-02 16:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 06:56 - 2016-08-02 16:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 06:56 - 2016-08-02 16:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 06:56 - 2016-08-02 16:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-10 06:56 - 2016-08-02 16:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 06:56 - 2016-08-02 16:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-10 06:56 - 2016-08-02 16:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 06:56 - 2016-08-02 16:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 06:56 - 2016-08-02 16:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 06:56 - 2016-08-02 16:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 06:56 - 2016-08-02 16:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-10 06:56 - 2016-08-02 16:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 06:56 - 2016-08-02 16:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-10 06:56 - 2016-08-02 16:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 06:56 - 2016-08-02 16:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 06:56 - 2016-08-02 16:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 06:56 - 2016-08-02 16:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-10 06:56 - 2016-08-02 16:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-10 06:56 - 2016-08-02 16:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 06:56 - 2016-08-02 15:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 06:56 - 2016-08-02 15:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 06:56 - 2016-08-02 15:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 06:56 - 2016-08-02 15:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 06:56 - 2016-08-02 15:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 06:56 - 2016-08-02 15:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 06:56 - 2016-08-02 15:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-10 06:56 - 2016-08-02 12:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 06:56 - 2016-08-02 12:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 06:56 - 2016-08-02 12:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-10 06:56 - 2016-08-02 12:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 06:56 - 2016-08-02 12:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 06:56 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 06:56 - 2016-08-02 12:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 06:56 - 2016-08-02 12:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 06:56 - 2016-08-02 12:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-10 06:56 - 2016-08-02 12:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 06:56 - 2016-08-02 12:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 06:56 - 2016-08-02 12:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-09 18:43 - 2016-08-09 21:51 - 00000401 _____ C:\Users\Daniel\Desktop\howww.txt
2016-08-09 15:53 - 2016-08-09 23:16 - 00000000 ____D C:\Users\Daniel\Documents\FLiNGTrainer
2016-08-09 15:27 - 2016-08-09 15:27 - 00000835 _____ C:\Users\Public\Desktop\Rise of the Tomb Raider.lnk
2016-08-09 15:27 - 2016-08-09 15:27 - 00000000 ____D C:\Users\Daniel\Documents\CPY_SAVES
2016-08-08 15:08 - 2016-08-11 17:33 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-08-08 07:48 - 2016-08-08 09:45 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\discord
2016-08-08 07:48 - 2016-08-08 07:48 - 00002274 _____ C:\Users\Daniel\Desktop\Discord.lnk
2016-08-08 07:48 - 2016-08-08 07:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-07 13:04 - 2016-08-07 13:04 - 00000000 ____D C:\Users\Daniel\Documents\Rise of the Tomb Raider
2016-08-07 13:04 - 2016-08-07 13:04 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Crystal Dynamics
2016-08-06 22:20 - 2016-08-17 13:25 - 00000000 ____D C:\Users\Daniel\Desktop\NIV
2016-08-06 21:02 - 2016-08-06 21:02 - 00001318 _____ C:\Users\Daniel\Desktop\Minecraft.lnk
2016-08-06 20:59 - 2016-08-06 21:04 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2016-08-06 20:57 - 2016-08-06 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-08-06 19:56 - 2016-08-15 17:43 - 00000135 _____ C:\Users\Daniel\Desktop\Things to buy.txt
2016-08-06 00:36 - 2016-08-06 00:37 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-06 00:36 - 2016-08-06 00:36 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-06 00:36 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-06 00:36 - 2015-06-18 17:59 - 02862488 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-08-06 00:36 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-08-06 00:36 - 2015-06-17 19:47 - 02585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-08-06 00:36 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-06 00:36 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-06 00:36 - 2015-06-11 19:40 - 03157796 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-08-06 00:36 - 2015-06-10 13:20 - 03129672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-08-06 00:36 - 2015-06-10 13:20 - 00728392 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-08-06 00:36 - 2015-06-09 11:17 - 05708736 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-08-06 00:36 - 2015-06-02 19:25 - 01576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-08-06 00:36 - 2015-05-27 18:51 - 02461016 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-08-06 00:36 - 2015-05-27 18:51 - 02393432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-08-06 00:36 - 2015-05-27 18:51 - 00944984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-08-06 00:36 - 2015-05-27 18:51 - 00349528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-08-06 00:36 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-08-06 00:36 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-06 00:36 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-08-06 00:36 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-06 00:36 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-06 00:36 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-06 00:36 - 2015-05-11 18:53 - 12996528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-08-06 00:36 - 2015-05-11 13:08 - 01374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-08-06 00:36 - 2015-05-11 13:08 - 01192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-08-06 00:36 - 2015-05-11 13:08 - 01145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-08-06 00:36 - 2015-05-11 13:08 - 00980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-08-06 00:36 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-08-06 00:36 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-08-06 00:36 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-08-06 00:36 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-08-06 00:36 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-08-06 00:36 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-08-06 00:36 - 2015-02-05 17:48 - 12834736 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-08-06 00:36 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-08-06 00:36 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-08-06 00:36 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-08-06 00:36 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-08-06 00:36 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-08-06 00:36 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-08-06 00:36 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-08-06 00:36 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-06 00:36 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-08-06 00:36 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-08-06 00:36 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-08-06 00:36 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-08-06 00:36 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-06 00:36 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-08-06 00:36 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-08-06 00:36 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-08-06 00:36 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-08-06 00:36 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-08-06 00:36 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-08-06 00:36 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-08-06 00:36 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-08-06 00:36 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-08-06 00:36 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-08-06 00:36 - 2014-08-14 19:16 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-08-06 00:36 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-08-06 00:36 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-08-06 00:36 - 2014-05-22 16:24 - 00096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-08-06 00:36 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-08-06 00:36 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-08-06 00:36 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-08-06 00:36 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-08-06 00:36 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-08-06 00:36 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-08-06 00:36 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-08-06 00:36 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-08-06 00:36 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-08-06 00:36 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-08-06 00:36 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-08-06 00:36 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-08-06 00:36 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-08-06 00:36 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2016-08-06 00:36 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2016-08-06 00:36 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2016-08-06 00:36 - 2013-06-21 11:01 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-08-06 00:36 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-08-06 00:36 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-08-06 00:36 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-08-06 00:36 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-08-06 00:36 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-08-06 00:36 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-08-06 00:36 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-08-06 00:36 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-08-06 00:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-06 00:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-06 00:36 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-08-06 00:36 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-08-06 00:36 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-08-06 00:36 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-08-06 00:36 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-08-06 00:36 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-08-06 00:36 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-08-06 00:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-08-06 00:36 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-08-06 00:36 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-08-06 00:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-08-06 00:36 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-08-06 00:36 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-08-06 00:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-08-05 02:44 - 2016-08-07 11:04 - 00000000 ____D C:\Program Files\CMAK
2016-08-05 02:44 - 2016-08-07 11:04 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-05 02:44 - 2016-08-05 02:44 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-05 02:44 - 2016-08-05 02:44 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-05 02:44 - 2016-08-05 02:44 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-05 02:44 - 2016-08-05 02:44 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-05 02:44 - 2016-08-05 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-05 02:44 - 2016-07-16 11:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2016-08-05 02:44 - 2016-07-16 11:28 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2016-08-05 02:44 - 2016-07-16 11:28 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-08-05 02:44 - 2016-07-16 11:26 - 00376320 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2016-08-05 02:44 - 2016-07-16 11:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-08-05 02:44 - 2016-07-16 11:25 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2016-08-05 02:44 - 2016-07-16 11:23 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-08-05 02:44 - 2016-07-16 11:22 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2016-08-05 02:44 - 2016-07-16 11:22 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2016-08-05 02:44 - 2016-07-16 11:19 - 01323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2016-08-05 02:44 - 2016-07-16 11:16 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2016-08-05 02:44 - 2016-07-16 11:16 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-08-05 02:44 - 2016-07-16 11:15 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-08-05 02:44 - 2016-07-16 11:14 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-08-05 02:44 - 2016-07-16 11:13 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-08-05 02:44 - 2016-07-16 11:13 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-08-05 02:44 - 2016-07-16 11:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-08-05 02:44 - 2016-07-16 11:12 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-08-05 02:44 - 2016-07-16 11:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-08-05 02:44 - 2016-07-16 11:11 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-08-05 02:44 - 2016-07-16 10:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2016-08-05 02:44 - 2016-07-16 10:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2016-08-05 02:44 - 2016-07-16 10:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-08-05 02:44 - 2016-07-16 10:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-08-05 02:44 - 2016-07-16 10:41 - 00355840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2016-08-05 02:44 - 2016-07-16 10:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2016-08-05 02:44 - 2016-07-16 10:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2016-08-05 02:44 - 2016-07-16 10:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2016-08-05 02:44 - 2016-07-16 10:37 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-08-05 02:44 - 2016-07-16 10:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2016-08-05 02:44 - 2016-07-16 10:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2016-08-05 02:44 - 2016-07-16 10:32 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2016-08-05 02:44 - 2016-07-16 10:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2016-08-05 02:44 - 2016-07-16 10:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-08-05 02:44 - 2016-07-16 10:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2016-08-05 02:44 - 2016-07-16 10:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2016-08-05 02:44 - 2016-07-16 10:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2016-08-05 02:44 - 2016-07-16 10:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2016-08-05 02:44 - 2016-07-16 10:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2016-08-05 02:44 - 2016-07-16 10:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2016-08-05 02:42 - 2016-08-05 02:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-05 02:41 - 2016-08-05 02:41 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-05 02:41 - 2016-08-05 02:41 - 00000000 ____D C:\Program Files\MSBuild
2016-08-05 02:41 - 2016-08-05 02:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-05 02:41 - 2016-08-05 02:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-05 02:41 - 2016-05-26 06:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-05 02:41 - 2016-05-26 06:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-05 02:41 - 2016-05-26 06:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-05 02:41 - 2016-05-26 03:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-05 02:41 - 2016-05-26 03:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-05 02:41 - 2016-05-26 03:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-04 11:15 - 2016-08-04 11:15 - 00002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-04 10:55 - 2016-08-04 10:55 - 00000000 ____D C:\ProgramData\USOShared
2016-08-04 10:55 - 2016-08-04 10:55 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-04 10:54 - 2016-08-15 09:31 - 00000438 __RSH C:\Users\Daniel\ntuser.pol
2016-08-04 10:54 - 2016-08-04 10:54 - 00000020 ___SH C:\Users\Daniel\ntuser.ini
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-04 10:54 - 2016-08-04 10:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-04 10:53 - 2016-08-04 10:53 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-04 10:53 - 2016-08-04 10:53 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-04 10:52 - 2016-08-19 23:13 - 00005194 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel
2016-08-04 10:52 - 2016-08-19 22:28 - 00003572 _____ C:\WINDOWS\System32\Tasks\Garena+ Plugin Host Service
2016-08-04 10:52 - 2016-08-19 22:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-04 10:52 - 2016-08-04 10:52 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-04 10:52 - 2016-08-04 10:52 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-04 10:52 - 2016-08-04 10:52 - 00003350 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468233624
2016-08-04 10:52 - 2016-08-04 10:52 - 00003286 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{078B0B83-B108-47E6-92C2-6F7216E2F4DB}
2016-08-04 10:52 - 2016-08-04 10:52 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-04 10:52 - 2016-08-04 10:52 - 00002952 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-04 10:52 - 2016-08-04 10:52 - 00002876 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-903814144-441885261-1225124989-1001
2016-08-04 10:52 - 2016-08-04 10:52 - 00002646 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-08-04 10:52 - 2016-08-04 10:52 - 00002506 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2016-08-04 10:52 - 2016-08-04 10:52 - 00002370 _____ C:\WINDOWS\System32\Tasks\CAM
2016-08-04 10:52 - 2016-08-04 10:52 - 00002314 _____ C:\WINDOWS\System32\Tasks\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0}
2016-08-04 10:52 - 2016-08-04 10:52 - 00002308 _____ C:\WINDOWS\System32\Tasks\{73BD1564-94F3-4C5E-A2FB-846F09850071}
2016-08-04 10:52 - 2016-08-04 10:52 - 00002148 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2016-08-04 10:52 - 2016-08-04 10:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-04 10:51 - 2016-08-04 10:51 - 00000252 ____H C:\WINDOWS\Tasks\MSISW_Host.job
2016-08-04 10:50 - 2016-08-04 10:50 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-04 10:48 - 2016-08-15 09:31 - 00000000 ____D C:\Users\Daniel
2016-08-04 10:48 - 2016-08-04 10:50 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-04 10:48 - 2016-08-04 10:48 - 00000000 _SHDL C:\Users\Daniel\My Documents
2016-08-04 10:48 - 2016-08-04 10:48 - 00000000 _SHDL C:\Users\Daniel\Documents\My Videos
2016-08-04 10:48 - 2016-08-04 10:48 - 00000000 _SHDL C:\Users\Daniel\Documents\My Pictures
2016-08-04 10:48 - 2016-08-04 10:48 - 00000000 _SHDL C:\Users\Daniel\Documents\My Music
2016-08-04 10:48 - 2016-07-16 19:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-04 10:47 - 2016-08-19 22:34 - 01805218 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-04 10:47 - 2016-08-19 22:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-04 10:47 - 2016-08-13 16:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-04 10:47 - 2016-08-06 00:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-04 10:47 - 2016-08-06 00:37 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-08-04 10:47 - 2016-08-04 10:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-04 10:47 - 2016-08-04 10:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-04 10:47 - 2016-08-04 10:47 - 01322300 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-04 10:47 - 2016-08-04 10:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-08-04 10:47 - 2016-08-04 10:47 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-04 10:47 - 2016-08-04 10:47 - 00000000 ____D C:\Program Files\Realtek
2016-08-04 10:47 - 2016-07-11 06:58 - 06385720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 02465848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 01362880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-04 10:47 - 2016-07-11 06:58 - 00546240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-04 10:47 - 2016-07-08 01:05 - 07211925 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-04 10:46 - 2016-08-19 13:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-04 10:46 - 2016-08-10 13:04 - 05020816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-04 10:46 - 2016-08-04 10:46 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-03 21:55 - 2016-08-03 21:55 - 00029016 _____ C:\WINDOWS\SysWOW64\Drivers\X6va063
2016-07-31 20:50 - 2016-07-31 20:50 - 00000000 ____D C:\Users\Daniel\Desktop\Sale
2016-07-31 17:55 - 2016-07-31 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SolidDocuments
2016-07-31 13:18 - 2016-07-31 13:18 - 00000063 _____ C:\Users\Daniel\Desktop\Steam Guides.txt
2016-07-30 22:14 - 2016-07-30 22:14 - 00001270 _____ C:\Users\Daniel\Desktop\The Sims 4 Deluxe Edition.lnk
2016-07-30 21:43 - 2016-07-30 11:08 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2016-07-30 21:42 - 2016-08-01 11:02 - 00000482 _____ C:\Users\Daniel\Desktop\paypal.txt
2016-07-26 20:59 - 2016-08-19 19:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DMCache
2016-07-25 23:35 - 2016-07-25 23:35 - 00000940 _____ C:\WINDOWS\SysWOW64\CAM.lnk
2016-07-24 23:09 - 2016-07-24 23:19 - 00000000 ____D C:\Users\Daniel\Documents\WBFS Manager Covers
2016-07-24 23:09 - 2016-07-24 23:09 - 00000849 _____ C:\Users\Daniel\Desktop\WBFS Manager 3.0.lnk
2016-07-22 01:04 - 2016-08-01 21:45 - 00000000 ____D C:\Users\Daniel\Documents\My Games
2016-07-22 00:40 - 2016-07-22 00:40 - 00001891 _____ C:\Users\Daniel\Desktop\Spotify.lnk
2016-07-22 00:40 - 2016-07-22 00:40 - 00001877 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-07-22 00:38 - 2016-08-19 22:33 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2016-07-21 18:13 - 2016-07-23 01:54 - 00000057 _____ C:\Users\Daniel\Desktop\scam.txt
2016-07-21 07:28 - 2016-07-22 12:58 - 00000047 _____ C:\Users\Daniel\Desktop\pass em.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:13 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-19 23:13 - 2015-11-11 01:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2016-08-19 19:21 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-18 18:29 - 2015-11-02 15:51 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2016-08-18 16:56 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-17 13:25 - 2016-07-18 15:08 - 00000000 ____D C:\Users\Daniel\Desktop\Myla files
2016-08-17 12:50 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-15 17:34 - 2015-12-26 10:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-14 11:14 - 2015-09-27 18:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2016-08-14 10:42 - 2015-10-20 13:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-14 10:41 - 2015-10-20 13:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-13 19:17 - 2015-11-13 10:54 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\IDM
2016-08-12 16:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 21:42 - 2016-07-16 14:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-11 13:57 - 2016-02-23 19:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\obs-studio
2016-08-11 11:45 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 17:41 - 2016-03-28 00:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Audacity
2016-08-10 13:04 - 2015-09-10 13:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 13:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-10 07:04 - 2015-09-27 13:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 07:02 - 2015-09-27 13:23 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 18:32 - 2015-10-11 10:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Origin
2016-08-09 18:32 - 2015-10-11 10:49 - 00000000 ____D C:\ProgramData\Origin
2016-08-09 09:05 - 2015-11-23 14:34 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 09:05 - 2015-11-23 14:34 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 11:04 - 2016-07-16 22:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-08-07 11:04 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\Com
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-07 11:04 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-07 11:04 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-08-07 11:04 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-07 11:04 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-07 11:04 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\servicing
2016-08-06 00:37 - 2015-09-27 12:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-06 00:36 - 2016-07-18 17:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-05 17:30 - 2016-07-14 22:52 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-08-05 17:30 - 2016-03-05 19:12 - 00001831 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-08-05 15:35 - 2016-07-11 18:38 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-05 09:03 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-05 02:46 - 2016-07-16 19:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-04 10:56 - 2015-09-28 10:34 - 00002402 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-04 10:56 - 2015-09-28 10:34 - 00000000 ___RD C:\Users\Daniel\OneDrive
2016-08-04 10:55 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-04 10:54 - 2015-10-14 11:22 - 00000588 __RSH C:\ProgramData\ntuser.pol
2016-08-04 10:53 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-04 10:53 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-04 10:53 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-04 10:52 - 2016-07-16 19:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-04 10:52 - 2015-09-28 10:31 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-04 10:50 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-04 10:50 - 2016-07-14 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2016-08-04 10:50 - 2016-07-08 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 2.0
2016-08-04 10:50 - 2016-07-03 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-08-04 10:50 - 2016-07-03 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-08-04 10:50 - 2016-05-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-04 10:50 - 2016-05-13 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-04 10:50 - 2016-03-01 13:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-04 10:50 - 2016-03-01 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-04 10:50 - 2016-02-23 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-08-04 10:50 - 2016-02-08 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-04 10:50 - 2016-01-26 21:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-08-04 10:50 - 2015-12-15 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-08-04 10:50 - 2015-11-13 10:52 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-08-04 10:50 - 2015-11-13 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-08-04 10:50 - 2015-10-30 17:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-04 10:50 - 2015-10-23 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-08-04 10:50 - 2015-10-01 19:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-04 10:50 - 2015-10-01 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-04 10:50 - 2015-09-28 10:58 - 00000000 ____D C:\WINDOWS\SysWOW64\LiveUpdate
2016-08-04 10:50 - 2015-09-28 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-04 10:50 - 2015-09-27 15:26 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-04 10:50 - 2015-09-27 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-04 10:50 - 2015-09-27 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-04 10:49 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-04 10:49 - 2016-07-03 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-04 10:49 - 2016-05-28 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-08-04 10:49 - 2016-02-19 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-08-04 10:49 - 2015-12-15 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-04 10:49 - 2015-11-24 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-08-04 10:49 - 2015-11-08 13:08 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-04 10:49 - 2015-10-18 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-04 10:48 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-04 10:48 - 2016-06-05 17:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-04 10:48 - 2012-07-26 16:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-04 10:47 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-04 10:05 - 2015-11-23 14:34 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-04 09:05 - 2015-11-23 14:34 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-01 20:29 - 2016-07-14 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\GarenaPlus
2016-08-01 20:29 - 2016-07-14 21:26 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-07-30 11:16 - 2015-09-27 20:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2016-07-29 21:08 - 2016-07-15 22:58 - 00021184 _____ C:\WINDOWS\SysWOW64\Drivers\X6va062
2016-07-29 20:51 - 2016-07-16 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayPark
2016-07-28 08:18 - 2015-12-15 12:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-28 08:18 - 2015-11-02 15:48 - 00000000 ____D C:\ProgramData\Skype
2016-07-28 03:25 - 2015-09-27 13:37 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-25 21:13 - 2016-07-07 06:40 - 00000000 ____D C:\Users\Daniel\Desktop\SLAM_v1.2.2
2016-07-23 23:37 - 2016-07-14 22:01 - 00036904 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2016-07-22 05:51 - 2016-04-25 00:35 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-07-22 05:51 - 2016-04-25 00:35 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-07-21 06:57 - 2016-06-09 21:52 - 00000115 _____ C:\Users\Daniel\Desktop\Steam Keys.txt
 
==================== Files in the root of some directories =======
 
2016-04-14 17:52 - 2016-04-14 17:52 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-04-06 14:25 - 2016-05-16 13:56 - 0000500 _____ () C:\Users\Daniel\AppData\Local\pref.data
2015-11-17 15:36 - 2016-08-08 20:11 - 0007597 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2016-08-04 10:47 - 2016-08-04 10:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-15 11:06
 
==================== End of FRST.txt ============================


#9 Nyjal-

  • Topic Starter


Posted 19 August 2016 - 10:24 AM

Greetings,

I see you checked in yesterday but have not replied. Do you still need help?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Daniel (19-08-2016 23:21:21)
Running from C:\Users\Daniel\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-04 02:54:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-903814144-441885261-1225124989-500 - Administrator - Disabled)
Daniel (S-1-5-21-903814144-441885261-1225124989-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-903814144-441885261-1225124989-503 - Limited - Disabled)
Guest (S-1-5-21-903814144-441885261-1225124989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-903814144-441885261-1225124989-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.31.1 - Mirillis)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crossfire 2.0 version 1180 (HKLM-x32\...\{6FA0CF59-F95B-44FD-BF90-DB02CAE5843A}_is1) (Version: 1180 - Gameclub)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HandBrake 0.10.3 (HKLM-x32\...\HandBrake) (Version: 0.10.3 - )
IDM Patch 6.25 build 03 (HKLM-x32\...\IDM Patch 6.25 build 03) (Version: build 03 - SandySeedings Team)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.3.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 4 - MSI Co., LTD)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.1.3 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.34 - MSI)
No Mans Sky (HKLM-x32\...\No Mans Sky_is1) (Version:  - )
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenIV (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenVPN 2.3.11-I601  (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Remote Action! (HKLM-x32\...\Mirillis Remote Action!) (Version: 1.0.2 - Mirillis)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-903814144-441885261-1225124989-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {052884E8-0163-442A-98B1-5D32664F97BC} - System32\Tasks\Garena+ Plugin Host Service => D:\Program Files\Garena Plus\ggdllhost.exe [2016-06-01] ()
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {19A98713-B4F5-437D-A9D4-02A8025D2AE9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {1F0E9456-E728-490D-9E0B-1FA1600FD356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {25910875-9D6D-45CA-B60E-272F4658F3A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2D8A984E-7FBD-450D-BB5B-090A74022072} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {3E31ABD7-7B10-482B-AD2F-EFAA1C4741C3} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {4D6633AF-29C8-475C-967E-0AC44FD0BD66} - System32\Tasks\SafeZone scheduled Autoupdate 1468233624 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {5BE91AA6-4313-4E4B-9C09-33DBE53D8152} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {6939035B-C78C-4E32-AAF4-04B90E81E006} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {745CEC91-A541-4D9F-B097-147D9CD45D6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {7694C71F-5C23-4070-8AE5-8C6AA87FD137} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-11] (AVAST Software)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7B16F2EB-779E-45B2-9449-2C14C1E25E5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8CB59047-F571-4016-903D-F80E264F39C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-07-16] (Microsoft Corporation)
Task: {9D4C7B59-40F6-4BB8-88CE-924B4F1FEC9F} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {9FFE3C48-5638-4B3C-A506-9A2D1798A499} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AD7321D2-997C-4E81-AE46-4631E6B033A3} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {B22ACFEF-E418-4E99-8E1B-06D43CA60770} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-07-16] (Microsoft Corporation)
Task: {C2EF75D3-62A7-4D52-A185-D99F0FA58A31} - System32\Tasks\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.13.0.101&amp;LastError=12002
Task: {CB2F389F-8F4E-4EA4-939D-B39962287495} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DANIEL-Daniel Daniel => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CB6C544D-55B3-4A0F-8480-3533EBEEAE34} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CD19BC8A-E9FE-49ED-92A5-0E1194F69F00} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {CF846CAD-AADA-431B-92EC-7EFAAADD2868} - System32\Tasks\CAM => D:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.exe
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D8E1F676-440C-4046-8A4A-2A20DEE9DDE8} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {E315787F-79C0-4F68-B6E3-FAB39561186A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {EE9B9144-F813-47BD-9272-4A8DC331A023} - System32\Tasks\{73BD1564-94F3-4C5E-A2FB-846F09850071} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.13.0.101&amp;LastError=-3
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Daniel\Desktop\server.lnk -> D:\Program Files (x86)\Minecraft Server\run.bat ()
 
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-04 10:47 - 2016-07-11 06:58 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-06 15:37 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-06 01:20 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-04 23:59 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-06 15:37 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-13 09:10 - 2015-12-13 09:25 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-07-16 19:42 - 2016-07-16 19:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-04 10:56 - 2016-08-04 10:56 - 00959168 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-28 19:10 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-10 06:56 - 2016-08-02 16:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-10 06:57 - 2016-08-02 16:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-10 06:57 - 2016-08-02 15:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-10 06:57 - 2016-08-02 15:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-10 06:57 - 2016-08-02 15:54 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-10 06:57 - 2016-08-02 15:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-10 06:57 - 2016-08-02 15:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-01 19:17 - 2016-06-01 19:17 - 00174632 _____ () D:\Program Files\Garena Plus\ggdllhost.exe
2016-05-04 23:59 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 23:59 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 23:59 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-26 21:45 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-04 23:59 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-04 23:59 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-14 17:58 - 2016-03-14 17:58 - 00055176 _____ () D:\Program Files\CCleaner\branding.dll
2016-07-11 18:38 - 2016-07-11 18:38 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-19 08:00 - 2016-08-19 08:00 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16081802\algo.dll
2016-07-11 18:38 - 2016-07-11 18:38 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-09 18:00 - 2016-08-09 18:00 - 02492928 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2016-07-01 20:01 - 2016-07-01 20:01 - 03423584 _____ () D:\Program Files\Garena Plus\ggspawn.dll
2015-09-28 06:57 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-22 00:40 - 2016-08-05 11:58 - 52042352 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\libcef.dll
2016-08-08 07:47 - 2016-08-01 13:11 - 01950392 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\ffmpeg.dll
2016-08-08 07:48 - 2016-08-08 07:48 - 01043640 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.295\modules\discord_voice\discord_voice.node
2016-08-08 07:48 - 2016-08-08 07:48 - 03784376 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.295\modules\discord_voice\libdiscord.dll
2016-08-08 07:48 - 2016-08-08 07:48 - 00887992 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.295\modules\discord_utils\discord_utils.node
2016-08-08 07:48 - 2016-08-08 07:48 - 00775864 _____ () \\?\C:\Users\Daniel\AppData\Roaming\discord\0.0.295\modules\discord_toaster\discord_toaster.node
2016-08-08 07:47 - 2016-08-01 13:11 - 02230456 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\libglesv2.dll
2016-08-08 07:47 - 2016-08-01 13:11 - 00088760 _____ () C:\Users\Daniel\AppData\Local\Discord\app-0.0.295\libegl.dll
2016-07-11 18:38 - 2016-07-11 18:38 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-19 22:28 - 2016-08-19 22:28 - 00170496 _____ () \\?\D:\Temp\89D1.tmp.node
2016-08-17 15:34 - 2016-08-09 07:27 - 00785920 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-08-17 15:34 - 2015-07-02 06:06 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2016-08-17 15:34 - 2016-08-17 04:54 - 02321184 _____ () D:\Program Files (x86)\Steam\video.dll
2016-08-17 15:34 - 2016-01-27 15:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-17 15:34 - 2016-01-27 15:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-17 15:34 - 2016-01-27 15:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-17 15:34 - 2016-01-27 15:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-17 15:34 - 2016-01-27 15:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-17 15:34 - 2015-07-02 06:06 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-08-17 15:34 - 2015-07-02 06:06 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2016-08-17 15:34 - 2016-08-17 04:54 - 00835360 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-17 15:34 - 2016-07-05 06:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2016-08-17 15:34 - 2016-08-05 04:56 - 49825056 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2016-07-22 00:40 - 2016-08-05 11:58 - 01741936 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\libglesv2.dll
2016-07-22 00:40 - 2016-08-05 11:58 - 00087664 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\libegl.dll
2016-08-17 15:34 - 2015-09-25 07:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2016-08-09 09:05 - 2016-08-03 08:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 09:05 - 2016-08-03 08:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-24 19:30 - 2016-07-22 00:41 - 00000898 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{ae038984-9823-4093-be34-3103dcc652cc}.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\StartupApproved\Run: => "GarenaPlus"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{7B92ED9D-F5C3-4241-BAD5-E5C82EAC2FDD}] => (Allow) LPort=2333
FirewallRules: [{5F5B397C-C0AF-4441-B175-549CD7EDA8C4}] => (Allow) LPort=9143
FirewallRules: [UDP Query User{6995B8C9-063E-423C-A83B-BE06B2683FE3}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5283864A-9D3F-488D-A319-CFE1CFC7F34A}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D22B429D-97F1-4548-A953-6F8232F02321}] => (Allow) LPort=8370
FirewallRules: [{AF9BA81A-D89D-4CBE-A642-EB5A0C77163A}] => (Allow) LPort=8370
FirewallRules: [{FAC78918-61E8-4DD0-8963-14A1EA1F2DE1}] => (Allow) D:\Program Files\Garena Plus\Room\garena_room.exe
FirewallRules: [UDP Query User{FCACC7F1-7BF5-4A39-8387-546ACDCF8BFA}D:\program files\garena plus\garenamessenger.exe] => (Block) D:\program files\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{647AF8E2-6D2F-4945-A98E-7117D733DE9A}D:\program files\garena plus\garenamessenger.exe] => (Block) D:\program files\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{DEE6FE04-DCA3-456A-96E1-23EBECF041DD}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Block) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [TCP Query User{573E5669-F7DF-4939-BC50-F25963FFDE37}C:\program files (x86)\msi\gaming app\gamingapp.exe] => (Block) C:\program files (x86)\msi\gaming app\gamingapp.exe
FirewallRules: [{8B2E82A0-834A-46F4-BA64-4AD314FE6682}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{DFAF83F5-142E-4017-AC0E-8745872D4D7B}G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Block) G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [TCP Query User{ABFCADB4-E40E-49DA-A81D-640498A38A6E}G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Block) G:\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [{B4AA7285-786B-40BC-BC88-5002AB302461}] => (Block) %ProgramFiles% (x86)\Mirillis\Action!\Action.exe
FirewallRules: [{79F71172-0C7F-4420-863B-B1C176571EB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D5282FF8-F17A-4CF2-A6A8-14B921F69F8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2A974BB9-6C54-417C-BFDD-F421C912784B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A3483AED-F984-4D2D-AE56-30F3373A1805}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{83A9DA99-4942-476C-90A6-5BE87C13F9A7}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2EC5C71B-0D9D-4885-8592-B2506A57C007}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{026A429C-18EE-4D07-BEB9-A3EACB31F71F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DDE8ADE6-76DD-4CED-A760-85CBA7C314A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BBEA2C78-1396-4C81-89BD-A0B085486EA7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{172BAE73-E3E2-497E-9260-D6FCDC16CDFA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0A94D24F-CB8C-4109-9CE9-CBA2BDEA94D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0A744B44-D3F0-4E7D-B7DA-F998C9002044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{689A4B06-213E-4DC7-9C86-81978EC2ADA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B648DECD-06C3-4A86-A258-ED996586341E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{957A4EB8-BB41-4015-99BE-581BA99C8F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E1CD3224-A380-4374-B97F-1DE6A7135A61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{107BC8FD-3340-409B-9374-1FD0D4FC9948}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CB783713-A216-4130-8245-0E1120E69633}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{19D615C1-EF8F-4D4D-984E-173169E507DE}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FD23E41-D774-48D8-8F4B-2245E96564F3}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0FEFA943-A628-4D33-B908-20C08886F886}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F7BB9605-BE8B-4731-9A61-C9A3D13A690D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFBA4C1B-FE5D-4E64-B5AE-59688778CE94}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{914E95E8-2B73-4E64-A4B2-246B3B4B10EB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3395845D-F3D7-4057-B1EC-D35DD4A8BBE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6644DFE6-C123-4838-8CFC-2E3F7555639A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{90497EA6-7C75-48C0-B221-07E5CE95D6FB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90982748-EAFA-4965-8F7A-61FEC88CD5F0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1164E475-0760-4E90-BDE4-1F9CE89446C7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7FC25B50-C04E-4071-B09A-761986B437B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{031E7F25-7B21-48A7-A06D-A522ACA3A65D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6FF9B01-2821-47DC-B943-F55C5F2DFAA4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{695A1F07-94D7-4488-B133-FE8BFAC86299}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{738EA134-BBF6-41CE-994B-81EBE5A5BFBE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{6935344D-338A-4DCC-9CCA-45C08C502504}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2016 11:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileIOSurrogate.exe, version: 13.0.0.453, time stamp: 0x55720e3b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1098
Faulting application start time: 0xFileIOSurrogate.exe0
Faulting application path: FileIOSurrogate.exe1
Faulting module path: FileIOSurrogate.exe2
Report Id: FileIOSurrogate.exe3
Faulting package full name: FileIOSurrogate.exe4
Faulting package-relative application ID: FileIOSurrogate.exe5
 
Error: (08/19/2016 11:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileIOSurrogate.exe, version: 13.0.0.453, time stamp: 0x55720e3b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1098
Faulting application start time: 0xFileIOSurrogate.exe0
Faulting application path: FileIOSurrogate.exe1
Faulting module path: FileIOSurrogate.exe2
Report Id: FileIOSurrogate.exe3
Faulting package full name: FileIOSurrogate.exe4
Faulting package-relative application ID: FileIOSurrogate.exe5
 
Error: (08/19/2016 10:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileIOSurrogate.exe, version: 13.0.0.453, time stamp: 0x55720e3b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x81c
Faulting application start time: 0xFileIOSurrogate.exe0
Faulting application path: FileIOSurrogate.exe1
Faulting module path: FileIOSurrogate.exe2
Report Id: FileIOSurrogate.exe3
Faulting package full name: FileIOSurrogate.exe4
Faulting package-relative application ID: FileIOSurrogate.exe5
 
Error: (08/19/2016 10:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileIOSurrogate.exe, version: 13.0.0.453, time stamp: 0x55720e3b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x81c
Faulting application start time: 0xFileIOSurrogate.exe0
Faulting application path: FileIOSurrogate.exe1
Faulting module path: FileIOSurrogate.exe2
Report Id: FileIOSurrogate.exe3
Faulting package full name: FileIOSurrogate.exe4
Faulting package-relative application ID: FileIOSurrogate.exe5
 
Error: (08/19/2016 06:09:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (08/19/2016 02:03:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2016 03:32:38 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: DANIEL)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe1018
 
Error: (08/17/2016 01:25:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/16/2016 02:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CFLAUNCHER.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d0c
 
Start Time: 01d1f78ad6651dd0
 
Termination Time: 4294967295
 
Application Path: D:\Program Files (x86)\Crossfire 2.0\CFLAUNCHER.EXE
 
Report Id: 6ba9239b-637e-11e6-8239-f63026c29cec
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/15/2016 03:55:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIEL)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/19/2016 10:31:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/19/2016 04:47:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/19/2016 02:03:56 PM) (Source: DCOM) (EventID: 10010) (User: DANIEL)
Description: App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca
 
Error: (08/19/2016 12:53:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/19/2016 12:27:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/19/2016 12:16:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/19/2016 11:36:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/19/2016 08:01:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/18/2016 06:11:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/18/2016 05:01:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8140.68 MB
Available physical RAM: 4539.33 MB
Total Virtual: 11212.68 MB
Available Virtual: 7209.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.25 GB) (Free:83.75 GB) NTFS
Drive d: () (Fixed) (Total:976.56 GB) (Free:205.18 GB) NTFS
Drive e: (My Files) (Fixed) (Total:886.45 GB) (Free:394.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1C4EA9A9)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 409DABD2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#10 Nyjal-

Posted 19 August 2016 - 10:27 AM

ATTACHMENT SAID I'M NOT PERMITTED TO UPLOAD THIS FILE



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:50 AM

Posted 19 August 2016 - 11:54 AM

Greetings,

No problem, it is just that some people abandon the topic but don't say anything.

What symptoms are you noticing that make you believe you might be infected?

Don't worry about the System Summary for now.

Do you recognize these?

180.250.187.4 Indonesia Ambon Pt Telkom Indonesia
114.108.195.1 Philippines San Juan Skybroadband


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {a3720b70-681e-11e5-be82-448a5b9ac8ba} - "I:\setup.exe" 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {da43d440-c40e-11e5-bfc9-448a5b9ac8ba} - "G:\setup.exe" 
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
R3 gkernel; D:\Temp\gkernel.sys [44544 2016-08-19] ()
D:\Temp\gkernel.sys
S3 cpuz139; \??\D:\Temp\cpuz139\cpuz139_x64.sys [X]
2016-08-04 10:52 - 2016-08-04 10:52 - 00002314 _____ C:\WINDOWS\System32\Tasks\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0}
2016-08-04 10:52 - 2016-08-04 10:52 - 00002308 _____ C:\WINDOWS\System32\Tasks\{73BD1564-94F3-4C5E-A2FB-846F09850071}
D:\Temp\89D1.tmp.node
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Symptoms?
  • Recognize IP names?
  • Fixlist
  • ART.txt
  • Update on system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Nyjal-


Posted 19 August 2016 - 12:04 PM

I don't know these 2:

180.250.187.4 Indonesia Ambon Pt Telkom Indonesia
114.108.195.1 Philippines San Juan Skybroadband

But I used it, I think, over a month ago on Google Chrome. I changed my name on Facebook, I use an Indonesian proxy on Chrome, idk if that's the one.

The Philippines one, it's my internet service provider SKYBROADBAND, but I don't know that IP.

What do these 2 IPs actually do to my computer? And how do I remove them, please? Thanks.


Edited by Nyjal-, 19 August 2016 - 12:11 PM.


#13 Nyjal-


Posted 19 August 2016 - 12:08 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Daniel (20-08-2016 01:07:40) Run:1
Running from C:\Users\Daniel\Desktop\sd
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {a3720b70-681e-11e5-be82-448a5b9ac8ba} - "I:\setup.exe" 
HKU\S-1-5-21-903814144-441885261-1225124989-1001\...\MountPoints2: {da43d440-c40e-11e5-bfc9-448a5b9ac8ba} - "G:\setup.exe" 
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
R3 gkernel; D:\Temp\gkernel.sys [44544 2016-08-19] ()
D:\Temp\gkernel.sys
S3 cpuz139; \??\D:\Temp\cpuz139\cpuz139_x64.sys [X]
2016-08-04 10:52 - 2016-08-04 10:52 - 00002314 _____ C:\WINDOWS\System32\Tasks\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0}
2016-08-04 10:52 - 2016-08-04 10:52 - 00002308 _____ C:\WINDOWS\System32\Tasks\{73BD1564-94F3-4C5E-A2FB-846F09850071}
D:\Temp\89D1.tmp.node
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-903814144-441885261-1225124989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3720b70-681e-11e5-be82-448a5b9ac8ba}" => key removed successfully
HKCR\CLSID\{a3720b70-681e-11e5-be82-448a5b9ac8ba} => key not found. 
"HKU\S-1-5-21-903814144-441885261-1225124989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da43d440-c40e-11e5-bfc9-448a5b9ac8ba}" => key removed successfully
HKCR\CLSID\{da43d440-c40e-11e5-bfc9-448a5b9ac8ba} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => key removed successfully
gkernel => Unable to stop service.
gkernel => service removed successfully
Could not move "D:\Temp\gkernel.sys" => Scheduled to move on reboot.
cpuz139 => service removed successfully
C:\WINDOWS\System32\Tasks\{B45EA0A6-3B3B-4DE9-8545-A88476D307F0} => moved successfully
C:\WINDOWS\System32\Tasks\{73BD1564-94F3-4C5E-A2FB-846F09850071} => moved successfully
D:\Temp\89D1.tmp.node => moved successfully
"HKU\S-1-5-21-903814144-441885261-1225124989-1001\Software\Classes\regfile" => key removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-08-2016 01:08:22)
 
D:\Temp\gkernel.sys => moved successfully
 
==== End of Fixlog 01:08:22 ====
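
A Fixlog like the one above can be checked mechanically before the next fixlist is written. The following Python sketch is an added example, not part of the original thread and not FRST's own code: it sorts each result line into a status and confirms that every file deferred to reboot is later reported as moved. The function names and status labels are assumptions, and the outcome phrases it matches are only those visible in this thread's logs.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Fixlog posted above, trimmed for length.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
R3 gkernel; D:\Temp\gkernel.sys [44544 2016-08-19] ()
D:\Temp\gkernel.sys
D:\Temp\89D1.tmp.node
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKCR\CLSID\{a3720b70-681e-11e5-be82-448a5b9ac8ba} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
gkernel => Unable to stop service.
gkernel => service removed successfully
Could not move "D:\Temp\gkernel.sys" => Scheduled to move on reboot.
D:\Temp\89D1.tmp.node => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-08-2016 01:08:22)

D:\Temp\gkernel.sys => moved successfully

==== End of Fixlog 01:08:22 ====
'''

PENDING_RE = re.compile(r'^Could not move "(?P<path>[^"]+)" => Scheduled to move on reboot\.')
STARS_RE = re.compile(r'^\*{5,}$')


def classify(outcome):
    """Map a result phrase to a coarse status (phrases as seen in this thread)."""
    text = outcome.strip().rstrip('.').lower()
    if text.endswith('successfully'):
        return 'ok'
    if text.endswith('not found'):
        return 'absent'      # nothing to remove, usually harmless
    if text.startswith('unable'):
        return 'warning'
    return 'other'           # unrecognised phrase: read it by hand


def triage(fixlog_text):
    """Summarise a Fixlog and list the lines a helper should follow up on."""
    counts, follow_up = Counter(), []
    pending, confirmed = {}, set()
    star_lines, in_reboot = 0, False

    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARS_RE.match(line):
            star_lines += 1
            continue
        if star_lines < 2:
            continue         # header and echoed fixlist, not results
        if line.startswith('Result of scheduled files to move'):
            in_reboot = True
            continue
        if line.startswith('='):
            continue         # section rulers and the end-of-log marker
        if line.startswith('Error:'):
            counts['error'] += 1
            follow_up.append(line)
            continue
        m = PENDING_RE.match(line)
        if m:
            counts['pending'] += 1
            pending[m.group('path').lower()] = m.group('path')
            continue
        if ' => ' in line:
            target, outcome = line.rsplit(' => ', 1)
            target = target.strip('"')
        else:
            target, outcome = '', line
        status = classify(outcome)
        counts[status] += 1
        if status == 'warning':
            follow_up.append(line)
        if in_reboot and status == 'ok':
            confirmed.add(target.lower())   # Windows paths compare case-insensitively

    unconfirmed = sorted(p for key, p in pending.items() if key not in confirmed)
    follow_up.extend('No post-reboot confirmation for ' + p for p in unconfirmed)
    return {
        'counts': dict(counts),
        'follow_up': follow_up,
        'pending_unconfirmed': unconfirmed,
        'restore_point_failed': any(
            f.startswith('Error:') and 'restore point' in f.lower() for f in follow_up),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(key, '=>', value)
```

On this log the two follow-up items are the failed restore point (the Addition.txt earlier in the thread reports System Restore as disabled) and the `gkernel` service that could not be stopped; the deferred `gkernel.sys` move is confirmed by the post-reboot section.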


#14 Oh My!


Posted 19 August 2016 - 12:22 PM

Greetings,

It is important to reply to these 2 questions so I can understand how to help you:
 

What symptoms are you noticing that make you believe you might be infected?
Update on system performance


No need to quote what I have posted.

We will remove the entries since it looks like you use the Google DNS Server (8.8.8.8 8.8.4.4) anyway.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [DhcpNameServer] 114.108.195.1 114.108.193.201
RemoveProxy:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog

Gary
 

#15 Nyjal-


Posted 19 August 2016 - 12:32 PM

No System Slow or issues
CPU GPU Load temp fine
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Daniel (20-08-2016 01:28:30) Run:1
Running from C:\Users\Daniel\Desktop\sd
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
Tcpip\..\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}: [DhcpNameServer] 114.108.195.1 114.108.193.201
RemoveProxy:
emptytemp:
*****************
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{431a2cbf-1da8-4673-9648-bf2212cf3f72}\\DhcpNameServer => value removed successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-903814144-441885261-1225124989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-903814144-441885261-1225124989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-903814144-441885261-1225124989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 5523268 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31967903 B
Java, Flash, Steam htmlcache => 406327349 B
Windows/system/drivers => 18161 B
Edge => 6483847 B
Chrome => 772749436 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Daniel => 1514319 B
 
RecycleBin => 147779029 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:28:34 ====
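
A way to check a Fixlog like the one above without reading it line by line, as an added example that is not part of the original posts and is not FRST's own code. It matches each `=>` result line against the echoed fixlist, totals the EmptyTemp byte counts and notes the reboot line. The function name, the report keys and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened Fixlog in the layout of the one posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201
RemoveProxy:
emptytemp:
*****************
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
Chrome => 772749436 B
Firefox => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
The system needed a reboot.
"""

RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
SIZE = re.compile(r"^(\d+) B$")

def audit_fixlog(text):
    """Summarise a Fixlog: requested directives, outcomes, bytes freed, reboot."""
    report = {"directives": [], "actions": [], "review": [], "freed_bytes": 0,
              "reboot_needed": "needed a reboot" in text}
    in_fixlist = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:   # asterisk rules bracket the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line:
                report["directives"].append(line)
            continue
        m = RESULT.match(line)
        if not m or m["target"].endswith(":"):   # skip headers and the EmptyTemp total
            continue
        size = SIZE.match(m["outcome"])
        if size:                                  # per-cache byte counts
            report["freed_bytes"] += int(size[1])
            continue
        report["actions"].append(m["target"])
        # Assumption: any outcome not ending in "successfully" needs a human look.
        if not m["outcome"].endswith("successfully"):
            report["review"].append(line)
    return report

print(audit_fixlog(SAMPLE_FIXLOG))
```

An empty `review` list together with `reboot_needed` set to true means every requested change was applied and the machine should be restarted before the next scan.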




