
Virus removal/malware logs



#1 AlphaDanny


Posted 09 September 2016 - 02:58 PM

Hi, I followed the steps that were asked here and I'd like to know what I need to do next. What do I need to put in the fixlog.txt?

Attached file: df.png

 

Here are my files FRST.txt and Addition.exe

 

My computer is repeatedly starting multiple processes when I start it. Example attached. This is causing my computer to perform extremely slowly. Please help ASAP. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Josh_x (administrator) on EDMLIFE (08-09-2016 10:53:27)
Running from C:\Users\Josh_x\Desktop
Loaded Profiles: Josh_x (Available Profiles: Josh_x)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Josh_x\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Oracle Corporation) C:\Users\Josh_x\Favorites\Sound\Sound.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-18] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-09] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-10] (TOSHIBA)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-13] (Razer Inc)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-04-01] (QFX Software Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-04-01] (AppEx Networks Corporation)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [Spotify Web Helper] => C:\Users\Josh_x\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-25] (Spotify Ltd)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [Spotify] => C:\Users\Josh_x\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-25] (Spotify Ltd)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [Discord] => C:\Users\Josh_x\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Run: [SkypeToolPack] => C:\Users\Josh_x\AppData\Local\Skype Tool Pack\Skype Tool Pack.exe [2559488 2016-06-28] (HGCommunity)
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\MountPoints2: {b013c6ac-fe8a-11e5-8269-645a04d332b4} - "F:\HPLauncher.exe" 
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\MountPoints2: {ed935c30-61ea-11e6-82b2-008cfa81b3bf} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{06351861-4df3-4fcc-8b9b-aa55bb05967a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0f4de3c4-b97e-4801-b653-6f0efeb7236a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{dcb2e6db-7cb2-4ce3-bb7e-4213fb7c86a8}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2876923373-2406336335-375998269-1001 -> DefaultScope {2071E3CA-FB0F-40ED-8B9F-B8CBA2344B1F} URL = 
SearchScopes: HKU\S-1-5-21-2876923373-2406336335-375998269-1001 -> {2071E3CA-FB0F-40ED-8B9F-B8CBA2344B1F} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2876923373-2406336335-375998269-1001: @nsroblox.roblox.com/launcher -> C:\Users\Josh_x\AppData\Local\Roblox\Versions\version-2a3769b753884f05\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2876923373-2406336335-375998269-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Josh_x\AppData\Local\Roblox\Versions\version-2a3769b753884f05\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2876923373-2406336335-375998269-1001: SkypePlugin -> C:\Users\Josh_x\AppData\Local\SkypePlugin\7.23.0.54\npGatewayNpapi.dll [2016-08-11] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2876923373-2406336335-375998269-1001: SkypePlugin64 -> C:\Users\Josh_x\AppData\Local\SkypePlugin\7.23.0.54\npGatewayNpapi-x64.dll [2016-08-11] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR Profile: C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-29]
CHR Extension: (Adventure-Jump ) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihfdjjlcbgjjbimeelfboaagfilpdcl [2016-07-24]
CHR Extension: (Skype Calling) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-29]
CHR Extension: (Adblock Plus) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-26]
CHR Extension: (Adblock for Youtube™) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-30]
CHR Extension: (SlitherPlus - Zoom, Skin Creator, Mod) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbghpalffgmgocmnigfhalghmaemffo [2016-07-05]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2016-08-05]
CHR Extension: (Google Sheets) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Stylish) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-07-20]
CHR Extension: (EditThisCookie) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-03-30]
CHR Extension: (ROBLOX+) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2016-09-05]
CHR Extension: (TubeBuddy) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR Extension: (Chither.com - insane slither & agar.io bots !) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmedcepkcjldmmkmfkeniapbaedjlfic [2016-08-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2015-02-15] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-28] (Broadcom Corporation.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-13] (DisplayLink Corp.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-09] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-29] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-29] (Advanced Micro Devices)
R3 AVer330USB; C:\Windows\system32\DRIVERS\AVer330USB.sys [1551616 2015-04-09] (AVerMedia TECHNOLOGIES, Inc.)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2016-03-29] (Broadcom Corporation)
S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [954368 2016-03-29] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [84992 2016-03-29] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1488.0.sys [67344 2016-03-10] ()
S3 ElgatoVAD; C:\Windows\system32\DRIVERS\ElgatoVAD.sys [28800 2016-06-20] (Elgato Systems GmbH)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-19] (QFX Software Corporation)
S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-04-16] (Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
R3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2016-05-13] (hxxp://libusb-win32.sourceforge.net)
S3 mmpDrv; C:\Windows\system32\Drivers\mmpDrv.sys [21008 2012-10-19] (<company name here>)
S3 mmpguidrv; C:\Windows\system32\Drivers\MmpGuiDrv.sys [12304 2012-10-19] ()
S3 NdisImPlatformMp; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [50880 2015-10-09] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-08 10:32 - 2016-09-08 11:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Update
2016-09-08 07:40 - 2016-09-08 07:40 - 00080394 _____ C:\Users\Josh_x\Downloads\Geometry_Section_1.pdf
2016-09-08 07:34 - 2016-09-08 07:34 - 00315081 _____ C:\Users\Josh_x\Downloads\Geometry 1.5 Homework.pdf
2016-09-07 10:51 - 2016-09-07 10:51 - 00194560 _____ C:\Users\Josh_x\Downloads\ch_04.ppt
2016-09-07 06:04 - 2016-09-07 06:05 - 00280796 _____ C:\WINDOWS\Minidump\090716-12562-01.dmp
2016-09-05 11:18 - 2016-09-05 11:18 - 00251719 _____ C:\Users\Josh_x\Downloads\Semjases FIX Msg.zip
2016-09-04 02:20 - 2016-09-08 07:55 - 06662856 _____ (Tim Kosse) C:\Users\Josh_x\Downloads\FileZilla_3.21.0_win64-setup.exe
2016-09-02 03:34 - 2016-09-02 03:35 - 16501035 _____ C:\Users\Josh_x\Downloads\NYCityscapesJohnnyWLam.themepack
2016-09-02 03:33 - 2016-09-02 03:33 - 08415804 _____ C:\Users\Josh_x\Downloads\PanoramicCityscapes.deskthemepack
2016-08-31 08:49 - 2016-09-05 13:26 - 00001491 _____ C:\Users\Josh_x\Desktop\ROBLOX Studio.lnk
2016-08-31 08:49 - 2016-09-05 13:26 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-08-31 08:49 - 2016-09-05 07:29 - 00001479 _____ C:\Users\Josh_x\Desktop\ROBLOX Player.lnk
2016-08-31 07:43 - 2016-08-31 07:43 - 00000132 _____ C:\Users\Josh_x\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-30 11:00 - 2016-08-30 11:00 - 05375282 _____ C:\Users\Josh_x\Desktop\hw.psd
2016-08-30 09:17 - 2016-08-30 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-08-30 09:17 - 2016-08-30 09:17 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-08-30 08:51 - 2016-09-08 10:53 - 00000000 ____D C:\Users\Josh_x\Desktop\FRST-OlderVersion
2016-08-30 08:51 - 2016-08-30 08:54 - 00018396 _____ C:\Users\Josh_x\Desktop\Fixlog.txt
2016-08-29 07:10 - 2016-08-29 07:10 - 00714778 _____ C:\Users\Josh_x\Downloads\Instagram Bot v3.rar
2016-08-27 05:37 - 2016-08-27 05:39 - 00048232 _____ C:\Users\Josh_x\Desktop\Addition.txt
2016-08-27 05:35 - 2016-09-08 10:56 - 00026943 _____ C:\Users\Josh_x\Desktop\FRST.txt
2016-08-27 05:35 - 2016-09-08 10:53 - 00000000 ____D C:\FRST
2016-08-27 05:34 - 2016-09-08 10:53 - 02397696 _____ (Farbar) C:\Users\Josh_x\Desktop\FRST64.exe
2016-08-27 05:29 - 2016-08-27 05:29 - 00000220 _____ C:\Users\Josh_x\RfFceaKHcDZaFLIZiVLLY.cmd
2016-08-26 23:12 - 2016-08-26 23:12 - 05651240 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 03320664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 03319968 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 03126240 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 02739248 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 02231696 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01991776 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01403096 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01381120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01358064 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01354800 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01233072 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01185184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01059680 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01017432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00982248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00979280 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00940640 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00889888 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00759200 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00704688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00693024 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00692512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00632352 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00615160 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00588632 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00545816 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00527824 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00513712 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00459832 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00440736 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00399456 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00342272 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00339128 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00333280 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00283920 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00242768 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00232704 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00225496 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00203440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00168936 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00128504 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00100544 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00097912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00093144 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00085096 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 72529432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-26 23:09 - 2016-08-26 23:09 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 03208440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02903800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-26 23:09 - 2016-08-26 23:09 - 02119288 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02081792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02058872 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00267560 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00131016 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00127288 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00114008 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-08-26 09:19 - 2016-08-26 09:19 - 00819552 _____ C:\Users\Josh_x\Downloads\REBUG_TOOLBOX_02.02.09.pkg
2016-08-19 09:14 - 2016-08-19 09:16 - 00000000 ____D C:\Users\Josh_x\AppData\Local\SkypePlugin
2016-08-18 08:49 - 2016-08-18 08:49 - 00000000 ____D C:\Users\Josh_x\Documents\ROBLOX
2016-08-16 12:56 - 2016-08-16 12:56 - 00873333 _____ C:\Users\Josh_x\Downloads\ZippyModss Skype Tool 4.0.zip
2016-08-16 12:20 - 2016-08-22 01:46 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Imminent
2016-08-16 12:20 - 2016-08-15 21:57 - 00312336 ___SH C:\Users\Josh_x\AppData\Roaming\YddNBGZaaOXh
2016-08-16 12:20 - 2016-08-15 21:57 - 00036463 ___SH C:\Users\Josh_x\AppData\Roaming\YAcOedHbWSUhQPhDAdF
2016-08-12 18:44 - 2016-08-12 18:45 - 170101932 _____ C:\Users\Josh_x\Downloads\DEX PS3 OFFICIAL FIRMWARE OFW 3.55 [DOWNGRADER DEX].PUP
2016-08-10 23:00 - 2016-08-03 21:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 23:00 - 2016-08-03 21:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 23:00 - 2016-08-03 21:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 23:00 - 2016-08-03 20:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 23:00 - 2016-08-03 20:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 23:00 - 2016-08-03 20:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 23:00 - 2016-08-03 20:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 23:00 - 2016-08-03 20:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 23:00 - 2016-08-03 20:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 23:00 - 2016-08-03 20:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 23:00 - 2016-08-03 20:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 23:00 - 2016-08-03 20:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 23:00 - 2016-08-03 20:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 23:00 - 2016-08-03 20:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 23:00 - 2016-08-03 20:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 23:00 - 2016-08-03 20:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 23:00 - 2016-08-03 20:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 23:00 - 2016-08-03 20:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 23:00 - 2016-08-03 20:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 23:00 - 2016-08-03 20:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 23:00 - 2016-08-03 20:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 23:00 - 2016-08-03 20:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 23:00 - 2016-08-03 20:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 23:00 - 2016-08-03 20:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 23:00 - 2016-08-03 20:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 23:00 - 2016-08-03 20:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 23:00 - 2016-08-03 19:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 23:00 - 2016-08-03 19:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 23:00 - 2016-08-03 19:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 23:00 - 2016-08-03 19:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 23:00 - 2016-08-03 19:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 23:00 - 2016-08-03 19:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 23:00 - 2016-08-03 19:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 23:00 - 2016-08-03 19:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 23:00 - 2016-08-03 19:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 23:00 - 2016-08-03 19:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 23:00 - 2016-08-03 19:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 23:00 - 2016-08-03 19:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 23:00 - 2016-08-03 19:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 23:00 - 2016-08-03 19:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 23:00 - 2016-08-03 19:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 23:00 - 2016-08-03 19:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 23:00 - 2016-08-03 19:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 23:00 - 2016-08-03 19:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 23:00 - 2016-08-03 19:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 23:00 - 2016-08-03 19:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 23:00 - 2016-08-03 19:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 23:00 - 2016-08-03 19:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 23:00 - 2016-08-03 19:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 23:00 - 2016-08-03 19:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 23:00 - 2016-08-03 19:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 23:00 - 2016-08-03 19:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 23:00 - 2016-08-03 19:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 23:00 - 2016-08-03 19:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 23:00 - 2016-08-03 19:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 23:00 - 2016-08-03 19:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 23:00 - 2016-08-03 19:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 23:00 - 2016-08-03 19:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 23:00 - 2016-08-03 19:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 23:00 - 2016-08-03 19:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 23:00 - 2016-08-03 19:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 23:00 - 2016-08-03 19:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 23:00 - 2016-08-03 19:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 23:00 - 2016-08-03 19:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 23:00 - 2016-08-03 19:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 23:00 - 2016-08-03 19:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 23:00 - 2016-08-03 19:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 23:00 - 2016-08-03 19:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 23:00 - 2016-08-03 19:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 23:00 - 2016-08-03 19:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 23:00 - 2016-08-03 19:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 23:00 - 2016-08-03 19:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 23:00 - 2016-08-03 19:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 23:00 - 2016-08-03 19:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 23:00 - 2016-08-03 19:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 23:00 - 2016-08-03 19:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 23:00 - 2016-08-03 19:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 23:00 - 2016-08-03 19:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 23:00 - 2016-08-03 19:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 23:00 - 2016-08-03 19:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 23:00 - 2016-08-03 19:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 23:00 - 2016-08-03 19:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 23:00 - 2016-08-03 19:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 23:00 - 2016-08-03 19:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 23:00 - 2016-08-03 19:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 23:00 - 2016-08-03 19:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 23:00 - 2016-08-03 19:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 23:00 - 2016-08-03 19:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 23:00 - 2016-08-03 19:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 23:00 - 2016-08-03 15:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 23:00 - 2016-08-03 15:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 23:00 - 2016-08-03 15:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 23:00 - 2016-08-03 15:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 23:00 - 2016-08-03 15:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 23:00 - 2016-08-03 15:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 23:00 - 2016-08-03 15:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 23:00 - 2016-08-03 15:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 23:00 - 2016-08-03 15:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 23:00 - 2016-08-03 15:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 23:00 - 2016-08-03 14:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 23:00 - 2016-08-03 14:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 23:00 - 2016-08-03 14:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 23:00 - 2016-08-03 14:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 23:00 - 2016-08-03 14:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 23:00 - 2016-08-03 14:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 23:00 - 2016-08-03 14:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 23:00 - 2016-08-03 14:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 23:00 - 2016-08-03 14:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 23:00 - 2016-08-03 14:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 23:00 - 2016-08-03 14:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 23:00 - 2016-08-03 14:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 23:00 - 2016-08-03 14:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 23:00 - 2016-08-03 14:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 23:00 - 2016-08-03 14:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 23:00 - 2016-08-03 14:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 23:00 - 2016-08-03 14:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 23:00 - 2016-08-03 14:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 23:00 - 2016-08-03 14:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 23:00 - 2016-08-03 14:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 23:00 - 2016-08-03 14:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 23:00 - 2016-08-03 14:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 23:00 - 2016-08-03 14:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 23:00 - 2016-08-03 14:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 23:00 - 2016-08-03 14:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 23:00 - 2016-08-03 14:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 23:00 - 2016-08-03 14:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 23:00 - 2016-08-03 14:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 23:00 - 2016-08-03 14:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 23:00 - 2016-08-03 14:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 23:00 - 2016-08-03 14:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 23:00 - 2016-08-03 14:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 23:00 - 2016-08-03 14:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 19:31 - 2016-08-09 19:56 - 00000249 _____ C:\Users\Josh_x\Documents\instagram 4letters.txt
2016-08-09 17:59 - 2016-08-29 07:11 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Net Seal
2016-08-09 17:41 - 2016-08-09 17:44 - 45208724 _____ C:\Users\Josh_x\Downloads\MLG Hillary Clinton.mp4
2016-08-09 17:14 - 2016-08-09 17:14 - 00000000 ____D C:\Users\Josh_x\AppData\Local\IsolatedStorage
2016-08-09 17:13 - 2016-08-26 07:48 - 00000000 ____D C:\Program Files\Elgato
2016-08-09 17:13 - 2016-08-09 17:14 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Elgato
2016-08-09 16:51 - 2016-08-09 16:52 - 213788048 _____ C:\Users\Josh_x\Downloads\REBUG_4.75.3_D-REX_PS3UPDAT.PUP
2016-08-09 16:38 - 2016-08-09 16:40 - 194248637 _____ C:\Users\Josh_x\Downloads\REBUG_3.55.4_999_DGR_PS3UPDAT.PUP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-08 11:23 - 2016-03-30 00:19 - 00000000 ____D C:\Users\Josh_x\AppData\Local\CrashDumps
2016-09-08 11:13 - 2016-03-29 23:52 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-08 11:13 - 2016-03-29 23:52 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-08 10:47 - 2016-04-18 04:59 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-08 10:47 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-08 10:40 - 2016-04-16 09:28 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-09-08 10:40 - 2016-02-13 23:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-08 10:40 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-08 10:34 - 2016-03-30 01:47 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\WinRAR
2016-09-08 10:32 - 2016-07-17 14:16 - 00000000 ____D C:\Users\Josh_x\Documents\iMuS_Freeze
2016-09-08 07:55 - 2016-03-30 03:00 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\FileZilla
2016-09-08 07:42 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-08 06:33 - 2016-03-29 23:51 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E177EBD1-1FFE-42BB-A6ED-7B8D0891BBF4}
2016-09-07 11:43 - 2016-04-16 09:32 - 00000000 ____D C:\Users\Josh_x
2016-09-07 10:58 - 2016-03-30 02:21 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Skype
2016-09-07 06:15 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 06:04 - 2016-04-27 04:59 - 722415075 _____ C:\WINDOWS\MEMORY.DMP
2016-09-07 06:04 - 2016-04-27 04:59 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-04 13:15 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-04 13:15 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-31 12:24 - 2016-04-04 08:44 - 00000000 ____D C:\Users\Josh_x\AppData\Local\Roblox
2016-08-31 11:08 - 2016-04-04 08:44 - 00000250 _____ C:\Users\Josh_x\AppData\LocalLow\rbxcsettings.rbx
2016-08-28 10:42 - 2016-04-16 09:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-27 05:20 - 2016-06-12 11:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-26 23:09 - 2016-03-29 15:38 - 05217792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-26 23:09 - 2016-03-29 15:38 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-26 09:19 - 2016-03-30 02:35 - 00000000 ____D C:\Users\Josh_x\Documents\School
2016-08-26 06:39 - 2016-06-11 10:30 - 00002287 _____ C:\Users\Josh_x\Desktop\Discord.lnk
2016-08-26 06:39 - 2016-06-11 10:30 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-26 06:39 - 2016-06-11 10:30 - 00000000 ____D C:\Users\Josh_x\AppData\Roaming\discord
2016-08-26 06:39 - 2016-06-11 10:30 - 00000000 ____D C:\Users\Josh_x\AppData\Local\Discord
2016-08-19 09:21 - 2016-03-30 02:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 09:21 - 2016-03-30 02:20 - 00000000 ____D C:\ProgramData\Skype
2016-08-19 09:10 - 2016-07-10 17:28 - 00002335 _____ C:\Users\Josh_x\Desktop\Skype Tool Pack.lnk
2016-08-14 01:01 - 2016-03-30 00:15 - 00000000 ____D C:\Users\Josh_x\Desktop\JB Stuff
2016-08-13 14:55 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 09:07 - 2016-02-13 23:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 00:28 - 2016-02-13 23:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 00:28 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 00:28 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-11 00:28 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-10 23:16 - 2016-04-02 04:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 23:16 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 23:08 - 2016-04-02 04:02 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 13:16 - 2016-08-08 12:33 - 09174960 _____ C:\Users\Josh_x\Downloads\Release.zip
 
==================== Files in the root of some directories =======
 
2016-07-04 14:28 - 2016-07-03 22:30 - 0036798 ___SH () C:\Users\Josh_x\AppData\Roaming\ABVICTLRUQDXViVEUPI
2016-08-31 07:43 - 2016-08-31 07:43 - 0000132 _____ () C:\Users\Josh_x\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-07-15 19:49 - 2016-07-14 13:17 - 0036534 ___SH () C:\Users\Josh_x\AppData\Roaming\EPVVQMDaCMcfhYAQGTE
2016-07-04 14:28 - 2016-07-03 22:30 - 0311824 ___SH () C:\Users\Josh_x\AppData\Roaming\KUUKBCbHRXBR
2016-07-09 11:47 - 2016-07-07 16:40 - 0036462 ___SH () C:\Users\Josh_x\AppData\Roaming\ShMAfcZGWagYIbHMPPe
2016-07-09 11:47 - 2016-07-07 16:40 - 0312336 ___SH () C:\Users\Josh_x\AppData\Roaming\SUUdULXDRYGT
2016-07-15 19:49 - 2016-07-14 13:17 - 0311824 ___SH () C:\Users\Josh_x\AppData\Roaming\XJfMWDhiZXFK
2016-08-16 12:20 - 2016-08-15 21:57 - 0036463 ___SH () C:\Users\Josh_x\AppData\Roaming\YAcOedHbWSUhQPhDAdF
2016-08-16 12:20 - 2016-08-15 21:57 - 0312336 ___SH () C:\Users\Josh_x\AppData\Roaming\YddNBGZaaOXh
2016-04-29 10:29 - 2016-04-29 10:29 - 0007612 _____ () C:\Users\Josh_x\AppData\Local\Resmon.ResmonCfg
2016-03-30 09:34 - 2016-03-30 09:34 - 0000003 _____ () C:\Users\Josh_x\AppData\Local\updater.log
2016-03-30 09:34 - 2016-08-07 08:40 - 0000424 _____ () C:\Users\Josh_x\AppData\Local\UserProducts.xml
2016-04-16 09:29 - 2016-04-16 09:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Josh_x\RfFceaKHcDZaFLIZiVLLY.cmd
 
 
Some files in TEMP:
====================
C:\Users\Josh_x\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-04 13:14
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Josh_x (27-08-2016 05:37:10)
Running from C:\Users\Josh_x\Desktop
Windows 10 Home Version 1511 (X64) (2016-04-17 18:54:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2876923373-2406336335-375998269-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2876923373-2406336335-375998269-503 - Limited - Disabled)
Guest (S-1-5-21-2876923373-2406336335-375998269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2876923373-2406336335-375998269-1003 - Limited - Enabled)
Josh_x (S-1-5-21-2876923373-2406336335-375998269-1001 - Administrator - Enabled) => C:\Users\Josh_x
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Absolute Uninstaller 5.3.1.20 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.20 - Glarysoft Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{69ECE411-BF4A-2984-AFD5-8EEB829C5B2C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.1 - AppEx Networks)
AVerMedia GL710 Live Gamer Portable 3.7.0.37 (HKLM-x32\...\AVerMedia GL710 Live Gamer Portable) (Version: 3.7.0.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia Live Gamer Portable Stream Engine 1.3.0.13 (HKLM-x32\...\AVerMedia Live Gamer Portable Stream Engine) (Version: 1.3.0.13 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.96.2015111701 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.96.2015111701 - AVerMedia Technologies, Inc.) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Black Ops 2 - GSC Studio (HKLM-x32\...\{909C0DF9-6BBE-42BD-8FB2-0ADEBA3459B6}_is1) (Version: 16.2.15.0 - iMCS Productions)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation)
Chroma Sync (HKLM-x32\...\{BC8D681E-1F5D-4C68-8E3E-A9A614D66C14}) (Version: 1.1.1 - Ultrabox Entertainment Limited)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DisplayLink Core Software (HKLM\...\{22ED06F1-2432-4D16-B4DC-2DF4A7ACD54A}) (Version: 7.9.1488.0 - DisplayLink Corp.)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.9.0.3 - QFX Software Corporation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM-x32\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniAide Fat32 Formatter Home Edition version 1.05 (HKLM-x32\...\{C206CD7D-7CFE-4F0C-BC68-8873CDE3A5F5}_is1) (Version: 1.05 - MiniAide Tech Development Co., Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.)
ROBLOX Player for Josh_x (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Josh_x (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Skype Tool Pack (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Skype Tool Pack 1.0.0) (Version: 1.0.0 - HGCommunity)
Skype Tool Pack (x32 Version: 1.0.0 - HGCommunity) Hidden
Skype Web Plugin (HKLM-x32\...\{0A95D1F2-BF33-43E7-A32B-E8089182EAE7}) (Version: 7.23.0.54 - Skype Technologies S.A.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Source SDK Base 2006 (HKLM\...\Steam App 215) (Version:  - Valve)
Spotify (HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.22 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2876923373-2406336335-375998269-1001_Classes\CLSID\{49ACECA8-A1DF-467E-8FED-CCC810B1434E}\localserver32 -> C:\Users\Josh_x\AppData\Local\SkypePlugin\7.23.0.54\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2876923373-2406336335-375998269-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Josh_x\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2876923373-2406336335-375998269-1001_Classes\CLSID\{7E3A041F-59E4-45ED-85BB-0DC57685CC7B}\InprocServer32 -> C:\Users\Josh_x\AppData\Local\SkypePlugin\7.23.0.54\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2876923373-2406336335-375998269-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Josh_x\AppData\Local\SkypePlugin\7.23.0.54\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2876923373-2406336335-375998269-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Josh_x\AppData\Local\Roblox\Versions\version-e6d872d544b64cd9\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05949630-EE2E-4E9F-BB1F-A89BC72B15C1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11CE7E58-E0FD-44D7-A699-5F3699BA2C7C} - System32\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-29] ()
Task: {14637FB5-777F-4744-A4EC-1FE58F635E29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1E67996C-DF6B-44E7-934B-84EAF5ABA884} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {29803F7B-1B8C-42E8-8FF4-270FBC3E6C5A} - System32\Tasks\{CB64F256-07D1-4DE6-8B17-CBF8A3A2BDF1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {2D72D345-50E9-474F-8849-0BBFDBD251D3} - System32\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {335C745F-40F2-4C16-B611-0E40492386BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B466DE8-54F6-4232-A44A-CC731D383FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F0B4E84-37B8-4EB4-9674-21E527D9770D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {71A7E7DF-6341-4E07-9EB2-0EED1C889102} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {76105D99-59CE-48A3-8B0B-8F297F6E7720} - System32\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {7A23CE40-3F2F-42E7-8F01-3BB766016D19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {7A257C24-1FA1-481D-924B-44BE7F8162C8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-09] (Synaptics Incorporated)
Task: {7BA7DCDE-1B65-4117-9392-2031712DCC18} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {800E14F9-34DF-4F8D-B3E9-ED43B248B3E3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9EC18431-278D-41A6-9814-46E485379D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6C58CBF-03F0-4A87-BD3A-C2B8BB97D456} - System32\Tasks\{3B12FE2D-2824-40AF-BA57-B5E7D3C87A14} => pcalua.exe -a C:\Users\Josh_x\AppData\Local\Roblox\Versions\version-fe7696f13e4e4f07\RobloxPlayerLauncher.exe -c -uninstall
Task: {BDF28546-B4E5-44BE-B4FE-D50534453E0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA808170-E7A9-4B8A-A261-A63129E9E74F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CF8A0D65-EEAE-43D5-8695-AD8679E2A66F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-04] (TOSHIBA Corporation)
Task: {DC6AFAC3-B3C8-4CA1-81F7-D0447907FF77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {DDABEB25-4F56-4443-811A-D434BF369AC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5334FE7-A758-4C58-87D3-778BED5F0FDB} - System32\Tasks\{972459AB-D61E-4D54-A2D8-2E96C89F9087} => pcalua.exe -a C:\Users\Josh_x\AppData\Local\Roblox\Versions\version-ee338271909542da\RobloxPlayerLauncher.exe -c -uninstall
Task: {E5D0EF01-435D-4504-A0CA-947A0BC38CFD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Josh_x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-02-15 16:44 - 2015-02-15 16:44 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-11-05 09:11 - 2015-11-05 09:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-07-13 09:48 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-13 01:20 - 2016-02-13 01:20 - 01652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2016-07-13 09:48 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 09:38 - 2016-04-26 09:38 - 00959176 _____ () C:\Users\Josh_x\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-07-13 09:48 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 09:48 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-20 07:08 - 2016-04-20 07:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 22:54 - 2016-02-13 22:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 09:49 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-07-19 11:38 - 2012-07-19 11:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-06-15 12:39 - 2016-06-15 12:39 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-02-15 16:44 - 2015-02-15 16:44 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2016-07-13 09:48 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 09:48 - 2016-07-01 13:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-13 09:48 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-20 07:08 - 2016-04-20 07:08 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 07:08 - 2016-04-20 07:08 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-26 06:39 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Josh_x\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-26 06:39 - 2016-08-26 06:39 - 01050296 _____ () \\?\C:\Users\Josh_x\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-26 06:39 - 2016-08-26 06:39 - 03793080 _____ () \\?\C:\Users\Josh_x\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-26 06:39 - 2016-08-26 06:39 - 00894136 _____ () \\?\C:\Users\Josh_x\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-06-01 14:01 - 2016-08-27 05:19 - 00619840 _____ () C:\Users\Josh_x\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2016-08-26 06:39 - 2016-08-26 06:39 - 01119416 _____ () \\?\C:\Users\Josh_x\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2013-05-15 11:57 - 2013-05-15 11:57 - 00626688 _____ () C:\Program Files (x86)\AVerMedia\AVerMedia Stream Engine\Filter\sptlib21.dll
2016-08-26 06:39 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Josh_x\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-26 06:39 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Josh_x\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-07-22 20:14 - 2016-07-22 20:14 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-08-27 05:19 - 2016-08-27 05:19 - 00170496 _____ () \\?\C:\Users\Josh_x\AppData\Local\Temp\1A49.tmp.node
2015-10-30 17:17 - 2015-10-30 17:17 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-10-30 17:17 - 2015-10-30 17:17 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2016-08-05 09:14 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-05 09:14 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-04-19 08:13 - 2015-10-07 05:26 - 50656768 _____ () C:\Users\Josh_x\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-04-19 08:13 - 2015-10-07 05:26 - 01874944 _____ () C:\Users\Josh_x\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-04-19 08:13 - 2015-10-07 05:26 - 00075264 _____ () C:\Users\Josh_x\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-06-12 11:41 - 2016-08-09 09:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-12 11:41 - 2015-07-02 08:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-12 11:41 - 2016-08-24 05:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-12 11:41 - 2016-01-27 17:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-12 11:41 - 2016-01-27 17:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-12 11:41 - 2016-01-27 17:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-12 11:41 - 2016-01-27 17:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-12 11:41 - 2016-01-27 17:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-12 11:41 - 2015-07-02 08:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-12 11:41 - 2015-07-02 08:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-12 11:41 - 2016-08-24 05:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-12 11:41 - 2016-07-05 08:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-06-12 11:41 - 2016-08-05 06:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\AdeJ5eQLk3f:Q4oEra6uG3sTyAbCQknn [2226]
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\Temp:JM7h1JyYY148D3liJKAdX9sM00u4 [1830]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 23:25 - 2016-07-08 15:54 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\String Lake - Grand Tetons.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\StartupFolder: => "SUUdULXDRYGTUaXZ.cmd.lnk"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\StartupFolder: => "KUUKBCbHRXBRUDPC.cmd.lnk"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\StartupFolder: => "XJfMWDhiZXFKHECK.cmd.lnk"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "SkypeToolPack"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "fastweb"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2876923373-2406336335-375998269-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FDC2F5F2-62E6-455E-B1CD-59E5B7582178}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{4410106A-D3DE-4E96-B3B5-713993205D8D}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{B732ADB5-C9F5-4965-ADD8-4F23F477B163}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10F6AC50-0434-4AEC-B2ED-C318AEC0592B}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7AE41F66-2E7E-439A-A574-2A45FAAD39AA}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96516B57-9C44-492B-B99C-82E07AD9590A}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BCBFED2-84C4-49DD-BA31-8FC864694F42}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE5B60BD-A56E-4C6C-B5A2-C96116EDB03A}] => (Allow) C:\Users\Josh_x\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{7FF68D83-10B5-458B-AE9F-81834ED80F47}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C068AAD5-4B9A-462B-816D-586177CFA3DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{264B3063-326B-4E74-9442-F6D79A1076FC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CAB52957-367D-462D-9618-D271583C6E87}] => (Allow) LPort=2869
FirewallRules: [{B8D15B9E-D614-4210-93CB-8093CC2F4313}] => (Allow) LPort=1900
FirewallRules: [{253DE1E7-F029-4329-9459-5BB596DF5DBB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7722F01F-3659-4F58-B278-9B301969976B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E930BA7-259A-4239-A94B-7E90D7CBC579}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{501076F1-FE51-484F-940A-5996F7858888}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{7A2419E6-EC37-4035-AD89-12B0BE8B3821}C:\users\josh_x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh_x\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2F69E470-AA2D-418F-A96D-38AF9E2D3955}C:\users\josh_x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh_x\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{228C192E-D114-434D-AC9D-1BB1F16B79F6}C:\users\josh_x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh_x\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C63815DF-0BE5-4CE6-ABD3-AA6941C8A826}C:\users\josh_x\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josh_x\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{04303596-B66F-4F4C-8DE0-E7A48D220F1A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{47BD8208-A622-4692-B899-B37D6EBDCEBA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{3D25F3C3-2918-43E5-9D4B-47979A2FB6A4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{6FFA9896-2EA7-4FD5-870B-D0FB2905F323}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{3D181854-8C0C-488F-B122-1730DAFEFFB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{4C096208-371B-408D-AD0F-F43113765503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{8A08EE83-D4DE-4801-A9B5-5A624F152F33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{04501133-6CD5-44C7-BD8E-5810DAA07BE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [TCP Query User{81D32C90-7F05-4D19-8466-00ACA8D48162}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{A4639EEC-EA4D-4722-81C7-62D530269F77}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{9AED91EC-28E9-40FC-9B51-4CA2F36C0D9A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7D060140-95CE-4EEE-ABBB-420218852583}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C983EA61-E87E-4257-8EC6-EE51F0B46869}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A93ABCB0-878D-4282-AB03-CEB3FCF255B7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{366E913E-E9FA-49C2-A750-B389F566BCD3}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{A3AB5C6D-7FE3-4CCB-8810-0D62EDB6766A}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{7E3AEE3D-718B-434E-AEF2-57868B2D426A}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{03B2B2AC-6D09-4D03-95D1-FBD9C708EB7C}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{0B61FBC8-D260-4BA9-89B3-FD105E3ECDE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{EC8DDFD1-A945-4A70-8CCD-403B0F3F94DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{851D387C-C9A9-44B1-AD36-DE095CA4A04E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{35283B54-E101-42DE-BA82-264A3BD091DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [TCP Query User{796E41A7-74ED-4E5B-9082-17C5EC36AF91}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{6F7CF1DB-5650-4A30-AD14-6259D273FD92}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [{CAE63CCE-FEA0-4872-B791-CFD90024FBA6}] => (Block) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [{EF0A02DD-0EA8-4A7D-A461-03C3CAC9250A}] => (Block) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe
FirewallRules: [TCP Query User{A6F8B0DD-1085-40B4-947E-F220F3771166}C:\users\josh_x\desktop\arcinstaller\chroma android.exe] => (Allow) C:\users\josh_x\desktop\arcinstaller\chroma android.exe
FirewallRules: [UDP Query User{52F6C1B8-BB13-462C-B2A4-A05024396649}C:\users\josh_x\desktop\arcinstaller\chroma android.exe] => (Allow) C:\users\josh_x\desktop\arcinstaller\chroma android.exe
FirewallRules: [{352E074D-06A1-4E9A-8611-54DFFE4CE907}] => (Block) C:\users\josh_x\desktop\arcinstaller\chroma android.exe
FirewallRules: [{0933A82F-F8E8-4AE8-B1B9-65BABAC1A7C8}] => (Block) C:\users\josh_x\desktop\arcinstaller\chroma android.exe
FirewallRules: [{59337FBB-6AC6-4774-923F-F3C3156F4F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CAC643AB-534D-4E99-AAA0-5AD3AF6B1288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BC0AA7D4-B8F1-4E85-9CA8-36ED2F5F8842}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D8ED7B27-A093-4E91-B9A7-A8376EA1EB92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{33597D2E-2BA6-4319-8AC8-EE923EFF76A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BE107151-4E01-41A0-91B1-2ED34F6412EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{116B57D8-3DE9-4473-ADF6-009C8E6BC747}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FF05B60F-0B69-4926-8FED-374A1F5E70DE}C:\users\josh_x\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\josh_x\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{A195B504-1DC9-48F3-92DE-2F756B76BA4A}C:\users\josh_x\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\josh_x\appdata\local\skypeplugin\pluginhost.exe
 
==================== Restore Points =========================
 
01-08-2016 17:13:27 Removed Adobe Reader XI (11.0.03)  MUI.
08-08-2016 23:25:52 Scheduled Checkpoint
22-08-2016 04:57:29 Scheduled Checkpoint
26-08-2016 07:45:46 Removed Elgato Game Capture HD
 
==================== Faulty Device Manager Devices =============
 
Name: AMD PSP 1.0 Device
Description: AMD PSP 1.0 Device
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdpsp
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2016 12:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EDMLIFE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/26/2016 07:45:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/26/2016 07:45:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EDMLIFE)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 07:47:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EDMLIFE)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 07:46:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EDMLIFE)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2016 07:41:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: EDMLIFE)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (08/22/2016 04:57:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/21/2016 02:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: csrss.exe, version: 0.0.0.0, time stamp: 0x57956391
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0244183f
Faulting process id: 0x5d8
Faulting application start time: 0xcsrss.exe0
Faulting application path: csrss.exe1
Faulting module path: csrss.exe2
Report Id: csrss.exe3
Faulting package full name: csrss.exe4
Faulting package-relative application ID: csrss.exe5
 
Error: (08/21/2016 02:07:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: services.exe, version: 0.0.0.0, time stamp: 0x57956391
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0070183f
Faulting process id: 0x1bd0
Faulting application start time: 0xservices.exe0
Faulting application path: services.exe1
Faulting module path: services.exe2
Report Id: services.exe3
Faulting package full name: services.exe4
Faulting package-relative application ID: services.exe5
 
Error: (08/21/2016 02:07:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x57956391
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0077183f
Faulting process id: 0x2dc0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
 
System errors:
=============
Error: (08/27/2016 05:20:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/27/2016 05:20:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (08/27/2016 05:18:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WeatherChiknSrvr service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/27/2016 05:18:24 AM) (Source: DCOM) (EventID: 10010) (User: EDMLIFE)
Description: NLInternal.SharedRecoActivation
 
Error: (08/27/2016 05:18:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_12b28c25 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 05:18:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_12b28c25 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2016 05:18:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_12b28c25 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/26/2016 12:28:35 PM) (Source: DCOM) (EventID: 10010) (User: EDMLIFE)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (08/26/2016 12:28:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_12b28c25 service to connect.
 
Error: (08/26/2016 12:28:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_12b28c25 service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-12 09:07:17.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 04:22:11.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 14:42:35.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-08 18:26:47.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-28 05:20:25.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-26 17:34:35.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-23 11:31:02.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-18 02:19:19.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 10:28:15.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-14 04:49:50.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 46%
Total physical RAM: 7129.26 MB
Available physical RAM: 3841.97 MB
Total Virtual: 8281.26 MB
Available Virtual: 4339.24 MB
 
==================== Drives ================================
 
Drive c: (TI10700500A) (Fixed) (Total:212.43 GB) (Free:83.82 GB) NTFS
Drive d: (Mar 16 2016) (CDROM) (Total:0.69 GB) (Free:0.52 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 07899F12)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team

Posted 10 September 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this Consumer Input program via the Control Panel > Programs > Programs and Features.
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\Favorites\Sound\Sound.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
(Oracle Corporation) C:\Users\Josh_x\AppData\Local\Microsoft\Windows\{FE268ABB-C940-4C58-9F17-98E54F658A67}\wscript.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
Task: {14637FB5-777F-4744-A4EC-1FE58F635E29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1E67996C-DF6B-44E7-934B-84EAF5ABA884} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2D72D345-50E9-474F-8849-0BBFDBD251D3} - System32\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {335C745F-40F2-4C16-B611-0E40492386BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6B466DE8-54F6-4232-A44A-CC731D383FA7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F0B4E84-37B8-4EB4-9674-21E527D9770D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {71A7E7DF-6341-4E07-9EB2-0EED1C889102} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {76105D99-59CE-48A3-8B0B-8F297F6E7720} - System32\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {7BA7DCDE-1B65-4117-9392-2031712DCC18} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {800E14F9-34DF-4F8D-B3E9-ED43B248B3E3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9EC18431-278D-41A6-9814-46E485379D41} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BDF28546-B4E5-44BE-B4FE-D50534453E0E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA808170-E7A9-4B8A-A261-A63129E9E74F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DDABEB25-4F56-4443-811A-D434BF369AC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5D0EF01-435D-4504-A0CA-947A0BC38CFD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2876923373-2406336335-375998269-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\AdeJ5eQLk3f:Q4oEra6uG3sTyAbCQknn [2226]
AlternateDataStreams: C:\Users\Josh_x\AppData\Local\Temp:JM7h1JyYY148D3liJKAdX9sM00u4 [1830]
C:\Users\Josh_x\Favorites\Sound
C:\Users\Josh_x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\WINDOWS\Minidump\090716-12562-01.dmp
C:\Users\Josh_x\RfFceaKHcDZaFLIZiVLLY.cmd


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please post the logs and let me know what problem persists with this computer.

#3 nasdaq

  • Malware Response Team

Posted 16 September 2016 - 09:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



