
I think I have an infection, possible RAT/Botnet


  • This topic is locked
4 replies to this topic

#1 PWL5605


Posted 19 October 2016 - 10:35 AM

I'm having some odd things going on with my computer. I built it myself and I'm pretty good at figuring out any issues I'm having, but I'm stumped when it comes to this. My internet has been very slow as of late, and my PC is crashing at times (tends to be during downloads of large games or apps). I'm also having a strange flicker on my screen that only just started to happen, and on the edge it looks as if my desktop has another desktop right next to it. The flickering happens when I log in or the computer screen is awoken from a sleep state. I have torrent installed but I don't download any illegal programs, movies, TV, etc. I'm also getting redirects and security changes at times; my BitDefender password has changed, and there is no way I'd forget it because I write it down and lock the book in a safe. I have run FRST and I need some help looking through the text. Thank you to anyone that helps (also ran GMER).

Also, I ran HijackThis and it worked once; it keeps crashing as well for some reason, and I get a message that I'm not able to access the Host files.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Deplorable Paul (administrator) on PEPE (19-10-2016 11:06:40)
Running from C:\Users\Deplorable Paul\Downloads
Loaded Profiles: Deplorable Paul (Available Profiles: Deplorable Paul)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11606.1001.39.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [320208 2016-09-01] (Bitdefender)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-07-19] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835680 2016-06-14] (MSI)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1022928 2016-07-27] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [11054800 2016-09-14] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKU\S-1-5-21-773808207-1985944678-2648674081-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-773808207-1985944678-2648674081-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [17064656 2016-08-31] (Corsair Components, Inc.)
HKU\S-1-5-21-773808207-1985944678-2648674081-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-10-06]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
BootExecute: autocheck autochk /p \??\G:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2baa674f-49ab-448a-8d62-fad47ae8bdd9}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c16ac7d4-0fdb-4307-b3b1-6763fbbd2cc7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-773808207-1985944678-2648674081-1001] ATTENTION => Default URLSearchHook is missing
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-09-14] (Bitdefender)
Toolbar: HKU\S-1-5-21-773808207-1985944678-2648674081-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-09-14] (Bitdefender)

FireFox:
========
FF DefaultProfile: 5adr6q53.default
FF ProfilePath: C:\Users\Deplorable Paul\AppData\Roaming\Mozilla\Firefox\Profiles\5adr6q53.default [2016-10-19]
FF Extension: (HTTPS Everywhere) - C:\Users\Deplorable Paul\AppData\Roaming\Mozilla\Firefox\Profiles\5adr6q53.default\Extensions\https-everywhere@eff.org.xpi [2016-10-11]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-10-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-10-17] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [83152 2016-08-31] (Corsair Components, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [281152 2016-09-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6556224 2016-10-11] (GOG.com)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [45008 2016-08-25] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-05-16] (Micro-Star INT'L CO., LTD.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 iprip; C:\WINDOWS\System32\iprip.dll [35328 2016-10-17] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-28] (Rivet Networks)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [415520 2015-07-10] (Intel Corporation)
R3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [327168 2016-10-17] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4163680 2016-09-09] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2204768 2016-09-29] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162656 2016-09-29] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2015328 2016-09-29] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2327648 2016-09-29] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-09-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [607160 2016-09-29] (MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2227152 2016-07-19] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2016-08-01] (MSI)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1088944 2016-09-13] (Bitdefender)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [51712 2016-10-17] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2016-10-17] (Microsoft Corporation)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [29648 2015-02-09] (Micro-Star INT'L CO., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-08-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1306832 2016-10-04] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [17720 2015-04-03] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\WINDOWS\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1603264 2016-06-29] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [850464 2016-06-03] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [148040 2016-01-22] (Rivet Networks, LLC.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-09-09] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-09-09] (Corsair)
R3 cpuz139; C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [43328 2016-10-19] (CPUID)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [75360 2016-08-04] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [300840 2016-08-11] (Bitdefender)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-18] (Intel Corporation)
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [157752 2015-09-03] (Qualcomm Atheros, Inc.)
R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [15712 2016-10-17] (Microsoft Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3baaab0007230109\nvlddmkm.sys [14249416 2016-10-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-17] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-03-10] (BitDefender S.R.L.)
R3 TrufosAlt; C:\WINDOWS\System32\DRIVERS\TrufosAlt.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 11:06 - 2016-10-19 11:06 - 06590976 _____ (Bitdefender S.R.L) C:\Users\Deplorable Paul\Downloads\BDSysLog_i(1).exe
2016-10-19 11:06 - 2016-10-19 11:06 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Deplorable Paul\Downloads\FixExec.exe
2016-10-19 11:06 - 2016-10-19 11:06 - 00013563 _____ C:\Users\Deplorable Paul\Downloads\Addition.txt
2016-10-19 11:06 - 2016-10-19 11:06 - 00001982 _____ C:\Users\Deplorable Paul\Desktop\FixExec.txt
2016-10-19 11:05 - 2016-10-19 11:06 - 00021267 _____ C:\Users\Deplorable Paul\Downloads\FRST.txt
2016-10-19 11:05 - 2016-10-19 11:05 - 02407424 _____ (Farbar) C:\Users\Deplorable Paul\Downloads\FRST64.exe
2016-10-19 11:03 - 2016-10-19 11:03 - 06590976 _____ (Bitdefender S.R.L) C:\Users\Deplorable Paul\Downloads\BDSysLog_i.exe
2016-10-19 10:51 - 2016-10-19 10:51 - 00154922 _____ C:\Users\Deplorable Paul\Documents\PEPE.arn
2016-10-19 10:48 - 2016-10-19 10:48 - 00715424 _____ (Sysinternals - www.sysinternals.com) C:\Users\Deplorable Paul\Downloads\autoruns.exe
2016-10-19 10:45 - 2016-10-19 10:47 - 00003003 _____ C:\Users\Deplorable Paul\Downloads\FSS.txt
2016-10-19 10:37 - 2016-10-19 10:37 - 00899584 _____ (Farbar) C:\Users\Deplorable Paul\Downloads\FSS.exe
2016-10-19 09:03 - 2016-10-19 09:04 - 269417168 _____ C:\Users\Deplorable Paul\Downloads\EmsisoftEmergencyKit.exe
2016-10-19 08:55 - 2016-10-19 08:55 - 00203200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-19 08:53 - 2016-10-19 08:53 - 00448512 _____ (OldTimer Tools) C:\Users\Deplorable Paul\Downloads\TFC.exe
2016-10-19 08:53 - 2016-10-19 08:53 - 00001892 _____ C:\Users\Deplorable Paul\Desktop\sc-cleaner.txt
2016-10-19 08:52 - 2016-10-19 08:52 - 00465024 _____ (Bleeping Computer, LLC) C:\Users\Deplorable Paul\Downloads\sc-cleaner.exe
2016-10-18 14:47 - 2016-10-18 14:47 - 00001025 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-10-18 14:47 - 2016-10-18 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2016-10-18 14:40 - 2016-10-18 14:40 - 00003780 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-10-18 14:40 - 2016-10-18 14:40 - 00002232 _____ C:\Users\Deplorable Paul\Desktop\Tweaking.com - Windows Repair.lnk
2016-10-18 14:32 - 2016-10-18 14:32 - 00003544 _____ C:\Users\Deplorable Paul\Desktop\Rkill.txt
2016-10-18 14:21 - 2016-10-18 14:40 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-10-18 14:21 - 2016-10-18 14:40 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-10-18 14:21 - 2016-10-18 14:21 - 00002323 _____ C:\Users\Deplorable Paul\Desktop\Tweaking.com - Technicians Toolbox.lnk
2016-10-18 14:12 - 2016-10-18 14:12 - 00000000 ____D C:\gmer2
2016-10-18 14:04 - 2016-10-18 22:51 - 00000000 ____D C:\Users\Deplorable Paul\Desktop\mbar
2016-10-18 14:04 - 2016-10-18 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-18 13:10 - 2016-10-19 11:05 - 00000000 ____D C:\FRST
2016-10-18 13:05 - 2016-10-18 13:05 - 00012646 _____ C:\Users\Deplorable Paul\Documents\bad.reg
2016-10-18 12:57 - 2016-10-18 12:57 - 00056584 _____ (GMER) C:\pxldapow.sys
2016-10-18 12:53 - 2016-10-18 14:54 - 00000000 ____D C:\gmer
2016-10-18 12:53 - 2016-10-18 12:53 - 00002250 _____ C:\WINDOWS\system32\bddel.dat
2016-10-18 12:53 - 2016-10-17 16:55 - 00371282 _____ C:\gmer.zip
2016-10-18 12:33 - 2016-10-18 12:33 - 00001100 _____ C:\Users\Deplorable Paul\Desktop\WinDirStat.lnk
2016-10-18 12:33 - 2016-10-18 12:33 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-10-18 12:33 - 2016-10-18 12:33 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2016-10-18 12:22 - 2016-10-18 14:47 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-10-18 12:22 - 2015-08-11 12:22 - 03067392 _____ C:\WINDOWS\system32\pwNative.exe
2016-10-18 12:22 - 2013-09-30 15:26 - 00019152 ____N C:\WINDOWS\system32\pwdrvio.sys
2016-10-18 12:22 - 2013-09-30 15:26 - 00012504 ____N C:\WINDOWS\system32\pwdspio.sys
2016-10-18 12:05 - 2016-10-18 12:05 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-17 17:45 - 2016-10-17 17:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ___SD C:\WINDOWS\system32\lxss
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2016-10-17 15:29 - 2016-10-17 15:29 - 00000000 ____D C:\inetpub
2016-10-17 15:18 - 2016-10-17 15:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-10-17 15:11 - 2016-10-17 19:41 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\New folder
2016-10-17 02:29 - 2016-10-17 02:32 - 1134969327 _____ C:\Users\Deplorable Paul\Documents\Tools.7z
2016-10-17 02:23 - 2016-10-17 02:23 - 00027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2016-10-17 02:23 - 2016-10-17 02:23 - 00003268 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2016-10-17 02:23 - 2016-10-17 02:23 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2016-10-17 02:23 - 2016-10-17 02:23 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Private Internet Access
2016-10-17 02:23 - 2016-10-17 02:23 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Crashpad
2016-10-17 02:23 - 2016-10-17 02:23 - 00000000 ____D C:\Program Files\pia_manager
2016-10-17 02:22 - 2016-10-17 02:22 - 59955885 _____ C:\Users\Deplorable Paul\Downloads\pia-v65-win.exe
2016-10-17 02:08 - 2016-10-17 03:02 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\qBittorrent
2016-10-17 02:08 - 2016-10-17 02:08 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\qBittorrent
2016-10-17 02:07 - 2016-10-17 02:07 - 16462230 _____ (The qBittorrent project) C:\Users\Deplorable Paul\Downloads\qbittorrent_3.3.7_setup.exe
2016-10-17 02:07 - 2016-10-17 02:07 - 00000993 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-10-17 02:07 - 2016-10-17 02:07 - 00000000 ____D C:\Users\Deplorable Paul\qBittorrent
2016-10-17 02:07 - 2016-10-17 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-10-17 02:03 - 2016-10-17 02:06 - 00000000 ____D C:\Program Files (x86)\Deluge
2016-10-17 01:43 - 2016-10-17 01:43 - 00368694 _____ C:\ProgramData\cl.1476682876.bdinstall.bin
2016-10-17 01:43 - 2016-10-17 01:43 - 00054741 _____ C:\ProgramData\dm.1476683003.bdinstall.bin
2016-10-17 01:43 - 2016-10-17 01:43 - 00003408 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2016-10-17 01:42 - 2016-10-17 01:43 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Bitdefender
2016-10-17 01:42 - 2016-10-17 01:42 - 00253404 _____ C:\bdr-ld02
2016-10-17 01:42 - 2016-10-17 01:42 - 00009216 _____ C:\bdr-ld02.mbr
2016-10-17 01:42 - 2016-10-17 01:42 - 00002299 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2016-10-17 01:42 - 2016-10-17 01:42 - 00000684 _____ C:\bdr-cf02
2016-10-17 01:42 - 2016-10-17 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2016-10-17 01:42 - 2016-08-11 17:42 - 00300840 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-10-17 01:42 - 2016-06-29 18:07 - 01603264 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-10-17 01:42 - 2016-06-03 17:05 - 00850464 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-10-17 01:42 - 2016-04-18 12:37 - 49758821 _____ C:\bdr-im02.gz
2016-10-17 01:42 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-10-17 01:42 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-10-17 01:42 - 2013-08-13 13:38 - 03271472 _____ C:\bdr-bz02
2016-10-17 01:41 - 2016-10-17 01:49 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-17 01:41 - 2016-10-17 01:43 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-17 01:41 - 2016-10-17 01:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-10-17 01:41 - 2016-03-10 07:41 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-10-17 01:41 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-10-17 01:40 - 2016-10-19 11:00 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-17 01:40 - 2016-10-17 01:40 - 00046495 _____ C:\ProgramData\agent.1476682809.bdinstall.bin
2016-10-17 01:39 - 2016-10-17 01:40 - 09052608 _____ C:\Users\Deplorable Paul\Downloads\bitdefender_windows_b0757423-96e7-42f0-ae16-fe9ec0da791d.exe
2016-10-17 01:30 - 2016-10-17 01:30 - 20790968 _____ C:\Users\Deplorable Paul\Downloads\Bitdefender_2017_UninstallTool.exe
2016-10-17 01:30 - 2016-10-17 01:30 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-17 01:10 - 2016-10-17 01:10 - 01270466 _____ C:\Users\Deplorable Paul\Downloads\ProcessExplorer.zip
2016-10-17 01:10 - 2016-10-17 01:10 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-10-17 01:10 - 2016-10-17 01:10 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\ProcessExplorer
2016-10-17 01:02 - 2016-10-17 01:02 - 00453083 _____ C:\Users\Deplorable Paul\Downloads\GrantPerms.zip
2016-10-17 01:02 - 2016-10-17 01:02 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\GrantPerms
2016-10-17 01:01 - 2016-10-17 01:01 - 00000000 ____D C:\ProgramData\Trend Micro
2016-10-17 01:00 - 2016-10-17 01:00 - 00852798 _____ C:\Users\Deplorable Paul\Downloads\SecurityCheck.exe
2016-10-17 00:59 - 2016-10-17 01:00 - 05198336 _____ (AVAST Software) C:\Users\Deplorable Paul\Downloads\aswMBR.exe
2016-10-17 00:58 - 2016-10-17 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2016-10-17 00:58 - 2016-10-17 00:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-10-17 00:57 - 2016-10-17 00:57 - 00000000 ____D C:\Program Files\Hijackthis
2016-10-17 00:55 - 2016-10-17 00:55 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Deplorable Paul\Downloads\RUBottedSetup.exe
2016-10-17 00:42 - 2016-10-18 14:05 - 00002862 _____ C:\Users\Deplorable Paul\Desktop\unhide.txt
2016-10-17 00:27 - 2016-10-17 00:27 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\Deplorable Paul\Downloads\unhide.exe
2016-10-17 00:27 - 2016-10-17 00:27 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-10-17 00:26 - 2016-10-17 00:26 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-17 00:26 - 2016-10-17 00:26 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-17 00:26 - 2016-10-17 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-17 00:26 - 2016-10-17 00:26 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-17 00:25 - 2016-10-17 00:25 - 33597888 _____ (Adlice Software ) C:\Users\Deplorable Paul\Downloads\setup.exe
2016-10-17 00:24 - 2016-10-17 00:25 - 00276210 _____ C:\TDSSKiller.3.1.0.11_17.10.2016_00.24.57_log.txt
2016-10-17 00:23 - 2016-10-17 04:41 - 00000650 _____ C:\Users\Deplorable Paul\Desktop\JRT.txt
2016-10-17 00:21 - 2016-10-17 00:21 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Deplorable Paul\Downloads\tdsskiller.exe
2016-10-17 00:21 - 2016-10-17 00:21 - 01631928 _____ (Malwarebytes) C:\Users\Deplorable Paul\Downloads\JRT.exe
2016-10-17 00:07 - 2016-10-17 00:07 - 05659277 _____ (Swearware) C:\Users\Deplorable Paul\Downloads\ComboFix.exe
2016-10-17 00:06 - 2016-10-17 00:08 - 00000000 ____D C:\AdwCleaner
2016-10-17 00:06 - 2016-10-17 00:06 - 03874368 _____ C:\Users\Deplorable Paul\Downloads\AdwCleaner.exe
2016-10-16 23:56 - 2016-10-16 23:56 - 00000218 _____ C:\Users\Deplorable Paul\AppData\Local\recently-used.xbel
2016-10-16 23:55 - 2016-10-16 23:55 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Python-Eggs
2016-10-16 19:57 - 2016-10-16 23:56 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\deluge
2016-10-16 19:56 - 2016-10-17 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-10-16 19:56 - 2016-10-16 19:56 - 05207896 _____ (Microsoft Corporation) C:\Users\Deplorable Paul\Downloads\vcredist_x64.exe
2016-10-16 19:56 - 2016-10-16 19:56 - 04657496 _____ (Microsoft Corporation) C:\Users\Deplorable Paul\Downloads\vcredist_IA64.exe
2016-10-16 19:56 - 2016-10-16 19:56 - 04479832 _____ (Microsoft Corporation) C:\Users\Deplorable Paul\Downloads\vcredist_x86.exe
2016-10-16 19:55 - 2016-10-16 19:55 - 15955676 _____ (Deluge Team) C:\Users\Deplorable Paul\Downloads\deluge-1.3.13-win32-py2.7-0.exe
2016-10-16 19:54 - 2016-10-16 19:54 - 00112465 _____ C:\Users\Deplorable Paul\Downloads\2016-06-03_insurance.aes256.torrent
2016-10-16 19:53 - 2016-10-17 00:39 - 00000329 _____ C:\Users\Deplorable Paul\Documents\wikileaks.txt
2016-10-16 06:31 - 2016-10-16 06:31 - 00000000 ____D C:\WINDOWS\Panther
2016-10-15 16:20 - 2016-10-16 23:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-15 10:58 - 2016-10-15 11:01 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\vlc
2016-10-15 10:32 - 2016-10-18 22:25 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\CrashDumps
2016-10-14 14:25 - 2016-10-16 23:34 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-10-14 14:23 - 2016-10-14 14:24 - 30533688 _____ C:\Users\Deplorable Paul\Downloads\vlc-2.2.4-win32.exe
2016-10-14 12:24 - 2016-10-14 12:24 - 00001778 _____ C:\Users\Deplorable Paul\Documents\startup.txt
2016-10-14 12:19 - 2016-10-14 12:20 - 00000000 ____D C:\Program Files\CCleaner
2016-10-14 12:19 - 2016-10-14 12:19 - 06064656 _____ (Piriform Ltd) C:\Users\Deplorable Paul\Downloads\ccsetup522_pro.exe
2016-10-14 12:19 - 2016-10-14 12:19 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-10-14 12:19 - 2016-10-14 12:19 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-14 12:19 - 2016-10-14 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-14 11:44 - 2016-10-14 11:44 - 00000000 ____D C:\ProgramData\USOShared
2016-10-14 11:42 - 2016-10-17 17:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-10-14 11:40 - 2016-10-14 11:40 - 00000000 ____D C:\ProgramData\USOPrivate
2016-10-14 09:48 - 2016-10-14 09:48 - 00000000 ____D C:\Users\Deplorable Paul\AppData\LocalLow\Temp
2016-10-14 09:37 - 2016-10-14 09:37 - 00750811 _____ C:\Users\Deplorable Paul\Downloads\SKMBT_C55009061713530.pdf
2016-10-13 21:14 - 2016-10-13 21:14 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\NVIDIA
2016-10-13 21:06 - 2016-10-01 15:25 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-13 21:05 - 2016-10-13 21:05 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-13 21:05 - 2016-09-09 14:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-10-13 21:05 - 2016-09-09 14:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-10-13 21:05 - 2016-09-09 14:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-10-13 21:05 - 2016-09-09 14:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-10-13 21:04 - 2016-10-01 17:11 - 40068544 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 35180992 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 34848704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 28245560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 10868288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 10755136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 10295232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 09098864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 08877808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 08693056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 03909272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 03451744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 02913848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 02551352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 01935808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437306.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437306.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 01019328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00958520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00942016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00895032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00802584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00801744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00616832 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00437696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00384448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-10-13 21:04 - 2016-10-01 17:11 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-10-13 21:02 - 2016-10-13 21:03 - 357061032 _____ (NVIDIA Corporation) C:\Users\Deplorable Paul\Downloads\373.06-desktop-win10-64bit-international-whql.exe
2016-10-13 21:01 - 2016-10-13 21:13 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\NVIDIA
2016-10-13 21:01 - 2016-10-13 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-13 21:01 - 2016-10-13 21:01 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-13 21:01 - 2016-09-30 00:22 - 01844280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 01445944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-10-13 21:01 - 2016-09-29 15:27 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-10-13 21:00 - 2016-10-13 21:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-13 21:00 - 2016-10-01 15:53 - 07422645 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-10-13 21:00 - 2016-10-01 15:53 - 06385720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 02473408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 01364024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-10-13 21:00 - 2016-10-01 15:53 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-10-13 21:00 - 2016-09-23 23:20 - 00222664 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-10-13 21:00 - 2016-09-23 23:20 - 00210376 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-10-13 20:59 - 2016-10-13 20:59 - 71063336 _____ (NVIDIA Corporation) C:\Users\Deplorable Paul\Downloads\GeForce_Experience_v3.0.7.34(1).exe
2016-10-12 20:13 - 2016-10-12 20:13 - 00231356 _____ C:\Users\Deplorable Paul\Downloads\Demo Mode .zip
2016-10-12 20:13 - 2016-10-12 20:13 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\Demo Mode
2016-10-12 19:54 - 2016-10-12 19:54 - 00001199 _____ C:\Users\Public\Desktop\Corsair Utility Engine.lnk
2016-10-12 19:54 - 2016-10-12 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-10-12 19:54 - 2016-10-12 19:54 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-10-12 19:52 - 2016-10-12 19:52 - 110301184 _____ C:\Users\Deplorable Paul\Downloads\CorsairUtilityEngineSetup_2.5.66_release.msi
2016-10-11 15:18 - 2016-10-11 15:18 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\The Creative Assembly
2016-10-10 15:13 - 2016-10-10 15:13 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\BANDAI NAMCO Games
2016-10-10 06:42 - 2016-10-19 10:16 - 00000000 ____D C:\ProgramData\CLink4
2016-10-10 06:42 - 2016-10-10 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair Link 4
2016-10-10 06:42 - 2016-10-10 06:42 - 00000000 ____D C:\Program Files (x86)\CorsairLink4
2016-10-10 06:41 - 2016-10-10 06:41 - 27027275 _____ C:\Users\Deplorable Paul\Downloads\Corsair-LINK-Installer-v4.3.0.154(1).zip
2016-10-09 19:02 - 2016-10-09 19:02 - 00000000 ____D C:\Users\Deplorable Paul\AppData\LocalLow\StressLevelZero
2016-10-08 02:23 - 2016-10-08 02:23 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-08 02:23 - 2016-10-08 02:23 - 00000000 ____D C:\Program Files\MSBuild
2016-10-08 02:23 - 2016-10-08 02:23 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-10-08 02:23 - 2016-10-08 02:23 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-08 02:22 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-10-08 02:22 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-08 02:22 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-10-08 02:22 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-10-08 02:22 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-10-08 02:22 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-10-08 01:54 - 2016-10-08 01:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Skype
2016-10-08 01:50 - 2016-10-08 02:20 - 00000000 ____D C:\Users\Deplorable Paul\Documents\The Witcher 3
2016-10-08 01:50 - 2016-10-08 01:50 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\GalaxyCommunicationService
2016-10-08 01:46 - 2016-10-08 01:46 - 00000931 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-10-08 01:46 - 2016-10-08 01:46 - 00000000 ____D C:\Users\Deplorable Paul\Documents\Nexus Mod Manager
2016-10-08 01:46 - 2016-10-08 01:46 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Black_Tree_Gaming
2016-10-08 01:46 - 2016-10-08 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-10-08 01:46 - 2016-10-08 01:46 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-10-08 01:40 - 2016-10-08 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-10-08 01:40 - 2016-10-08 01:46 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2016-10-08 01:40 - 2016-10-08 01:40 - 06422664 _____ (Black Tree Gaming ) C:\Users\Deplorable Paul\Downloads\Nexus Mod Manager-0.62.2.exe
2016-10-08 01:40 - 2016-10-08 01:40 - 00001110 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2016-10-08 01:40 - 2016-10-08 01:40 - 00000000 ____D C:\ProgramData\GOG.com
2016-10-08 01:38 - 2016-10-08 01:39 - 148707936 _____ (GOG.com ) C:\Users\Deplorable Paul\Downloads\setup_galaxy_1.1.17.3.exe
2016-10-07 21:44 - 2016-10-07 21:50 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Mozilla
2016-10-07 21:44 - 2016-10-07 21:44 - 43585512 _____ C:\Users\Deplorable Paul\Downloads\Firefox Setup 49.0.1.exe
2016-10-07 21:44 - 2016-10-07 21:44 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-07 21:44 - 2016-10-07 21:44 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Mozilla
2016-10-07 21:44 - 2016-10-07 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-07 21:44 - 2016-10-07 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-07 02:48 - 2016-10-07 02:48 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\LZMA [13.0.0]
2016-10-07 02:47 - 2016-10-07 02:47 - 01091414 _____ C:\Users\Deplorable Paul\Downloads\LZMA [13.0.0].zip
2016-10-07 02:41 - 2016-10-12 19:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Corsair
2016-10-07 02:41 - 2016-10-12 19:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Corsair
2016-10-07 02:39 - 2016-10-07 02:39 - 27027275 _____ C:\Users\Deplorable Paul\Downloads\Corsair-LINK-Installer-v4.3.0.154.zip
2016-10-07 02:39 - 2016-10-07 02:39 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\Corsair-Utility-Engine-v1.16.42
2016-10-07 02:39 - 2016-10-07 02:39 - 00000000 ____D C:\Users\Deplorable Paul\Downloads\Corsair-LINK-Installer-v4.3.0.154
2016-10-07 02:39 - 2016-10-07 02:39 - 00000000 ____D C:\Program Files\DIFX
2016-10-07 02:39 - 2016-10-07 02:39 - 00000000 ____D C:\Program Files (x86)\Silabs
2016-10-07 02:38 - 2016-10-07 02:38 - 61563797 _____ C:\Users\Deplorable Paul\Downloads\Corsair-Utility-Engine-v1.16.42.zip
2016-10-07 02:04 - 2016-10-17 15:29 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2016-10-07 02:04 - 2016-10-17 15:29 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2016-10-07 02:02 - 2016-10-07 02:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-10-07 02:01 - 2016-10-07 02:01 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-10-07 01:51 - 2016-10-07 02:38 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\MicrosoftEdge
2016-10-07 01:46 - 2016-10-12 11:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-07 01:46 - 2016-10-12 11:00 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-07 01:44 - 2016-10-15 13:16 - 00000000 ___RD C:\Users\Deplorable Paul\OneDrive
2016-10-07 01:44 - 2016-10-08 01:55 - 00002393 _____ C:\Users\Deplorable Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-07 01:43 - 2016-10-07 01:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-10-07 01:42 - 2016-10-12 17:49 - 00000000 ___RD C:\Users\Public\AccountPictures
2016-10-07 01:42 - 2016-10-07 02:35 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\ConnectedDevicesPlatform
2016-10-07 01:42 - 2016-10-07 01:42 - 00000020 ___SH C:\Users\Deplorable Paul\ntuser.ini
2016-10-07 01:42 - 2016-10-07 01:42 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\TileDataLayer
2016-10-07 01:42 - 2016-10-07 01:42 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Publishers
2016-10-07 01:42 - 2016-10-07 01:42 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Comms
2016-10-07 01:13 - 2016-10-19 09:05 - 02711296 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-07 01:10 - 2016-10-07 01:10 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-10-07 01:10 - 2016-10-07 01:10 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-10-07 01:10 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-10-07 01:09 - 2016-10-19 08:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-07 01:09 - 2016-10-07 01:09 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-10-07 01:09 - 2016-10-07 01:09 - 00002398 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-10-07 01:09 - 2016-10-07 01:09 - 00002100 _____ C:\WINDOWS\System32\Tasks\MSIOSDx86_Host
2016-10-07 01:09 - 2016-10-07 01:09 - 00002100 _____ C:\WINDOWS\System32\Tasks\MSIOSDx64_Host
2016-10-07 01:09 - 2016-10-07 01:09 - 00002034 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2016-10-07 01:09 - 2016-10-07 01:09 - 00000252 _____ C:\WINDOWS\Tasks\MSISW_Host.job
2016-10-07 01:09 - 2016-10-07 01:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-10-07 01:08 - 2016-10-19 08:54 - 00000000 ____D C:\Users\Deplorable Paul
2016-10-07 01:08 - 2016-10-07 01:08 - 00000000 _SHDL C:\Users\Deplorable Paul\My Documents
2016-10-07 01:08 - 2016-10-07 01:08 - 00000000 _SHDL C:\Users\Deplorable Paul\Documents\My Videos
2016-10-07 01:08 - 2016-10-07 01:08 - 00000000 _SHDL C:\Users\Deplorable Paul\Documents\My Pictures
2016-10-07 01:08 - 2016-10-07 01:08 - 00000000 _SHDL C:\Users\Deplorable Paul\Documents\My Music
2016-10-07 01:08 - 2016-10-07 01:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-10-07 01:07 - 2016-10-19 10:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-07 01:07 - 2016-10-07 01:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-10-07 01:07 - 2016-10-07 01:07 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-10-07 01:07 - 2016-10-07 01:07 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-10-07 01:07 - 2016-10-07 01:07 - 00000000 ____D C:\Program Files\Realtek
2016-10-07 00:59 - 2016-10-19 08:54 - 00023354 _____ C:\bdlog.txt
2016-10-07 00:05 - 2016-10-06 21:35 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-10-07 00:04 - 2016-10-10 06:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-07 00:04 - 2016-10-06 21:28 - 00000000 ____D C:\Program Files\Intel
2016-10-07 00:02 - 2016-10-18 12:03 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\VirtualStore
2016-10-07 00:02 - 2016-10-16 23:33 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Packages
2016-10-07 00:02 - 2016-10-07 00:02 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Adobe
2016-10-06 22:08 - 2016-10-19 09:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-06 22:08 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-06 22:08 - 2016-10-06 22:08 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-06 22:08 - 2016-10-06 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-06 22:08 - 2016-10-06 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-06 22:08 - 2016-03-10 17:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-06 22:08 - 2016-03-10 17:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-06 22:08 - 2016-03-10 17:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-06 22:02 - 2016-10-13 21:13 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\NVIDIA Corporation
2016-10-06 22:02 - 2010-05-26 14:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-10-06 22:02 - 2010-05-26 14:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-10-06 22:02 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-10-06 22:02 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-10-06 22:01 - 2016-10-06 22:01 - 71063336 _____ (NVIDIA Corporation) C:\Users\Deplorable Paul\Downloads\GeForce_Experience_v3.0.7.34.exe
2016-10-06 22:01 - 2016-09-30 00:22 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-10-06 22:01 - 2016-09-30 00:22 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-10-06 22:01 - 2016-09-30 00:22 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-10-06 21:59 - 2016-10-06 21:59 - 18309328 _____ (Microsoft Corporation) C:\Users\Deplorable Paul\Downloads\MediaCreationTool.exe
2016-10-06 21:59 - 2016-10-06 21:59 - 00000000 ____D C:\Users\Deplorable Paul\Documents\NBGI
2016-10-06 21:59 - 2016-10-06 21:59 - 00000000 ____D C:\Users\Deplorable Paul\Documents\MGR
2016-10-06 21:57 - 2016-10-09 18:24 - 00000000 ____D C:\Users\Deplorable Paul\Documents\My Games
2016-10-06 21:54 - 2016-10-19 09:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-06 21:54 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-06 21:54 - 2016-10-06 21:54 - 00000975 _____ C:\Users\Public\Desktop\Steam.lnk
2016-10-06 21:54 - 2016-10-06 21:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Steam
2016-10-06 21:54 - 2016-10-06 21:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\CEF
2016-10-06 21:53 - 2016-10-06 21:53 - 01446792 _____ C:\Users\Deplorable Paul\Downloads\SteamSetup.exe
2016-10-06 21:53 - 2016-10-06 21:53 - 00000000 ___RD C:\Users\Deplorable Paul\Documents\Notes
2016-10-06 21:52 - 2016-10-19 09:01 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-10-06 21:52 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-06 21:52 - 2016-10-06 21:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-10-06 21:49 - 2016-10-19 08:54 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Temp
2016-10-06 21:45 - 2016-10-17 01:30 - 00000000 ____D C:\ProgramData\BDLogging
2016-10-06 21:45 - 2016-10-06 21:45 - 00253404 _____ C:\bdr-ld01
2016-10-06 21:45 - 2016-10-06 21:45 - 00009216 _____ C:\bdr-ld01.mbr
2016-10-06 21:45 - 2016-10-06 21:45 - 00000684 _____ C:\bdr-cf01
2016-10-06 21:45 - 2016-10-06 21:45 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-10-06 21:45 - 2016-10-06 21:45 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2016-10-06 21:45 - 2016-04-18 15:37 - 49758821 _____ C:\bdr-im01.gz
2016-10-06 21:45 - 2013-08-13 16:38 - 03271472 _____ C:\bdr-bz01
2016-10-06 21:45 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-10-06 21:44 - 2016-10-06 21:44 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\QuickScan
2016-10-06 21:43 - 2016-10-06 21:43 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-10-06 21:42 - 2016-10-06 21:42 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Roaming\Macromedia
2016-10-06 21:35 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2016-10-06 21:35 - 2016-10-06 21:37 - 00000000 ____D C:\ProgramData\Killer
2016-10-06 21:35 - 2016-10-06 21:35 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2016-10-06 21:35 - 2016-10-06 21:35 - 00000000 ____D C:\Program Files\Killer Networking
2016-10-06 21:34 - 2000-05-11 04:00 - 00090112 _____ (Creative Technology Ltd.) C:\WINDOWS\Updreg.EXE
2016-10-06 21:33 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-10-06 21:33 - 2016-10-06 21:33 - 00000159 ____R C:\WINDOWS\ctfile.rfc
2016-10-06 21:33 - 2016-10-06 21:33 - 00000000 ____D C:\ProgramData\Creative
2016-10-06 21:33 - 2016-10-06 21:33 - 00000000 ____D C:\Program Files (x86)\Creative
2016-10-06 21:33 - 2015-05-29 20:57 - 00089600 _____ C:\WINDOWS\system32\CmdRtr64.DLL
2016-10-06 21:33 - 2015-05-29 20:56 - 00366080 _____ C:\WINDOWS\system32\APOMgr64.DLL
2016-10-06 21:33 - 2015-05-29 20:56 - 00074240 _____ C:\WINDOWS\SysWOW64\CmdRtr.DLL
2016-10-06 21:33 - 2015-05-29 20:54 - 00274944 _____ C:\WINDOWS\SysWOW64\APOMngr.DLL
2016-10-06 21:33 - 2014-02-21 13:57 - 00041088 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBCfg64.dll
2016-10-06 21:33 - 2014-02-21 13:57 - 00038016 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBCfg32.dll
2016-10-06 21:33 - 2014-01-23 20:26 - 00013741 _____ C:\WINDOWS\SysWOW64\MBCfg32.ini
2016-10-06 21:33 - 2014-01-23 20:26 - 00013741 _____ C:\WINDOWS\system32\MBCfg64.ini
2016-10-06 21:33 - 2013-12-24 16:43 - 00375424 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\ChezSC64.DLL
2016-10-06 21:33 - 2013-12-24 16:42 - 00327296 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\ChezSC32.DLL
2016-10-06 21:33 - 2013-12-24 16:29 - 00002835 _____ C:\WINDOWS\MBCfg_SP_APOIM.ini
2016-10-06 21:33 - 2013-12-24 16:29 - 00002783 _____ C:\WINDOWS\MBCfg_APOIM.ini
2016-10-06 21:33 - 2013-12-24 16:29 - 00002747 _____ C:\WINDOWS\MBCfg_HP_APOIM.ini
2016-10-06 21:33 - 2013-11-20 14:24 - 00005856 _____ C:\WINDOWS\SysWOW64\MBCfgUninstall32.ini
2016-10-06 21:33 - 2013-11-20 14:24 - 00005856 _____ C:\WINDOWS\system32\MBCfgUninstall64.ini
2016-10-06 21:33 - 2013-04-23 13:54 - 00148096 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBCfg64.exe
2016-10-06 21:33 - 2013-04-23 13:53 - 00138880 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBCfg32.exe
2016-10-06 21:33 - 2013-04-23 13:53 - 00015488 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\ResDefA.exe
2016-10-06 21:32 - 2016-10-19 10:47 - 00000000 ____D C:\Users\Deplorable Paul\AppData\Local\Google
2016-10-06 21:32 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Intel Extreme Tuning Utility
2016-10-06 21:32 - 2016-10-06 21:39 - 00000000 ____D C:\Program Files\Google
2016-10-06 21:32 - 2016-10-06 21:37 - 00000000 ____D C:\ProgramData\Norton
2016-10-06 21:32 - 2016-10-06 21:32 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-10-06 21:31 - 2016-10-06 22:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-06 21:31 - 2016-10-06 21:31 - 00002007 _____ C:\Users\Public\Desktop\MSI Super Charger.lnk
2016-10-06 21:30 - 2015-08-18 12:51 - 01692840 _____ (MSI) C:\WINDOWS\SysWOW64\muachost.exe
2016-10-06 21:30 - 2015-07-27 04:37 - 00031520 _____ (TODO: <公司名稱>) C:\WINDOWS\system32\FintekIcon1.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 06603171 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-10-06 21:29 - 2016-07-22 11:59 - 05209096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-10-06 21:29 - 2016-07-22 11:59 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 03199744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 03090544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-10-06 21:29 - 2016-07-22 11:59 - 02073096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 01978600 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 01745680 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 01360520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-10-06 21:29 - 2016-07-22 11:59 - 00041088 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\MBfilt64.sys
2016-10-06 21:29 - 2016-07-22 11:59 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-10-06 21:29 - 2016-07-22 11:58 - 03282544 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-10-06 21:29 - 2016-07-22 11:58 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-10-06 21:29 - 2016-07-22 11:58 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-10-06 21:29 - 2016-07-22 11:58 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-10-06 21:28 - 2016-10-10 06:38 - 00000000 ____D C:\ProgramData\Intel
2016-10-06 21:25 - 2016-10-14 11:34 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\LocalLow\EmieUserList
2016-10-06 21:25 - 2016-10-14 11:34 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\LocalLow\EmieSiteList
2016-10-06 21:25 - 2016-10-06 21:25 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\LocalLow\EmieBrowserModeList
2016-10-06 21:24 - 2016-10-07 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\LiveUpdate
2016-10-06 21:24 - 2016-07-19 22:27 - 00012669 _____ C:\WINDOWS\SysWOW64\ReleaseNote.txt
2016-10-06 21:15 - 2016-10-06 21:32 - 00002685 _____ C:\Users\Public\Desktop\MSI® Intel® Extreme Tuning Utility.lnk
2016-10-06 21:15 - 2016-10-06 21:15 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-10-06 21:15 - 2016-10-06 21:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-10-06 21:15 - 2016-10-06 21:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-10-06 21:15 - 2016-10-06 21:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-10-06 21:15 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-10-06 21:15 - 2010-05-26 14:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-10-06 21:15 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-10-06 21:15 - 2010-05-26 14:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-10-06 21:14 - 2016-10-14 18:50 - 00000000 ____D C:\MSI
2016-10-06 21:14 - 2016-10-10 06:38 - 00000000 ____D C:\Program Files (x86)\Intel
2016-10-06 21:14 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-10-06 21:14 - 2016-10-07 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-06 21:14 - 2016-10-06 21:31 - 00001624 _____ C:\Users\Public\Desktop\MSI Smart Utilities.lnk
2016-10-06 21:14 - 2016-10-06 21:31 - 00000000 ____D C:\Program Files (x86)\MSI
2016-10-06 21:14 - 2016-10-06 21:30 - 00001113 _____ C:\Users\Public\Desktop\MSI Command Center.lnk
2016-10-06 21:14 - 2016-10-06 21:30 - 00001073 _____ C:\Users\Public\Desktop\MSI Fast Boot.lnk
2016-10-06 21:14 - 2016-10-06 21:30 - 00001065 _____ C:\Users\Public\Desktop\MSI Gaming APP.lnk
2016-10-06 21:14 - 2016-10-06 21:30 - 00001065 _____ C:\Users\Public\Desktop\MSI ECO Center.lnk
2016-10-06 21:14 - 2016-10-06 21:24 - 00001975 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2016-10-06 21:14 - 2016-10-06 21:14 - 00000000 ____D C:\Program Files\7-Zip
2016-10-06 21:14 - 2016-10-06 21:14 - 00000000 ____D C:\Intel
2016-10-06 21:14 - 2014-04-30 19:23 - 00011248 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\acpimof.dll
2016-10-06 21:11 - 2016-10-14 14:24 - 00007582 _____ C:\Users\Deplorable Paul\AppData\Local\Resmon.ResmonCfg
2016-10-06 21:11 - 2016-10-14 11:34 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\Local\EmieUserList
2016-10-06 21:11 - 2016-10-14 11:34 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\Local\EmieSiteList
2016-10-06 21:11 - 2016-10-06 21:11 - 00000000 __SHD C:\Users\Deplorable Paul\AppData\Local\EmieBrowserModeList
2016-10-06 21:09 - 2016-10-19 08:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-06 21:09 - 2016-10-13 21:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-06 21:09 - 2016-10-13 21:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-06 21:06 - 2014-04-10 00:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-10-06 21:06 - 2014-04-10 00:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-10-06 21:05 - 2016-10-06 21:33 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-10-06 21:05 - 2016-10-06 21:29 - 00000000 ____D C:\Program Files (x86)\Temp
2016-10-06 21:05 - 2016-10-06 21:05 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-10-06 21:05 - 2016-04-11 16:38 - 02838232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-09-23 23:17 - 2016-10-01 17:11 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-09-23 23:16 - 2016-09-23 23:16 - 01931328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437290.dll
2016-09-23 22:51 - 2016-10-01 17:11 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-09-23 22:51 - 2016-09-23 22:51 - 01593800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437290.dll
2016-09-23 19:42 - 2016-10-01 17:11 - 00040826 _____ C:\WINDOWS\system32\nvinfo.pb
2016-09-23 19:40 - 2016-09-23 19:40 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-09-23 19:40 - 2016-09-23 19:40 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 10:59 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-19 08:58 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-10-19 08:24 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-19 08:24 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-19 08:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-18 14:35 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-10-18 13:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-17 15:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-10-17 15:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-10-17 15:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-10-17 15:29 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-17 15:29 - 2016-07-16 07:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrdc.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-10-17 15:29 - 2016-07-16 07:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-10-17 15:29 - 2016-07-16 07:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-10-17 15:29 - 2016-07-16 07:44 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-10-17 15:29 - 2016-07-16 07:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-10-17 15:29 - 2016-07-16 07:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-10-17 15:29 - 2016-07-16 07:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-10-17 15:29 - 2016-07-16 07:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrdc.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-10-17 15:29 - 2016-07-16 07:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2016-10-17 15:29 - 2016-07-16 07:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00107882 _____ C:\WINDOWS\system32\mib_ii.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-10-17 15:29 - 2016-07-16 07:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-10-17 15:29 - 2016-07-16 07:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-10-17 15:29 - 2016-07-16 07:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-10-17 15:29 - 2016-07-16 07:43 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2016-10-17 15:29 - 2016-07-16 07:43 - 00048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00048593 _____ C:\WINDOWS\system32\hostmib.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-10-17 15:29 - 2016-07-16 07:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprip.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00034317 _____ C:\WINDOWS\system32\msiprip2.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00030448 _____ C:\WINDOWS\system32\mcastmib.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00026236 _____ C:\WINDOWS\SysWOW64\wins.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00026236 _____ C:\WINDOWS\system32\wins.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-10-17 15:29 - 2016-07-16 07:43 - 00026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00026100 _____ C:\WINDOWS\system32\lmmib2.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
2016-10-17 15:29 - 2016-07-16 07:43 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00022462 _____ C:\WINDOWS\system32\rfc2571.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00021271 _____ C:\WINDOWS\SysWOW64\http.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00021271 _____ C:\WINDOWS\system32\http.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-10-17 15:29 - 2016-07-16 07:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00015799 _____ C:\WINDOWS\system32\ipforwd.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00015032 _____ C:\WINDOWS\system32\authserv.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00014032 _____ C:\WINDOWS\system32\accserv.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00013767 _____ C:\WINDOWS\system32\msipbtp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-10-17 15:29 - 2016-07-16 07:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-10-17 15:29 - 2016-07-16 07:43 - 00006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00006179 _____ C:\WINDOWS\system32\ftp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00004597 _____ C:\WINDOWS\system32\dhcp.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00004411 _____ C:\WINDOWS\SysWOW64\smi.mib
2016-10-17 15:29 - 2016-07-16 07:43 - 00004411 _____ C:\WINDOWS\system32\smi.mib
2016-10-17 15:29 - 2016-07-16 07:42 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
2016-10-17 15:29 - 2016-07-16 07:42 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2016-10-17 15:29 - 2016-07-16 07:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2016-10-17 01:30 - 2016-07-16 02:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2016-10-17 00:39 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-16 23:49 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-10-16 23:49 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-10-16 23:32 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-16 23:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-13 21:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-12 17:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-10 20:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-10-07 14:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-10-07 02:06 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-10-07 02:05 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-10-07 02:05 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-10-07 02:05 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-10-07 01:10 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-10-07 01:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-10-07 01:09 - 2016-07-16 07:47 - 00000000 ___RD C:\Users\Public\Libraries
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-10-07 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-10-07 01:08 - 2014-11-21 11:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
2016-10-07 01:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-10-07 01:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-10-07 01:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-10-07 01:07 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-10-07 01:07 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-10-07 01:07 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-03 16:09 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-03 16:09 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-10-16 23:56 - 2016-10-16 23:56 - 0000218 _____ () C:\Users\Deplorable Paul\AppData\Local\recently-used.xbel
2016-10-06 21:11 - 2016-10-14 14:24 - 0007582 _____ () C:\Users\Deplorable Paul\AppData\Local\Resmon.ResmonCfg
2016-10-17 01:40 - 2016-10-17 01:40 - 0046495 _____ () C:\ProgramData\agent.1476682809.bdinstall.bin
2016-10-17 01:43 - 2016-10-17 01:43 - 0368694 _____ () C:\ProgramData\cl.1476682876.bdinstall.bin
2016-10-17 01:43 - 2016-10-17 01:43 - 0054741 _____ () C:\ProgramData\dm.1476683003.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-17 03:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Deplorable Paul (19-10-2016 11:07:03)
Running from C:\Users\Deplorable Paul\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-07 05:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-773808207-1985944678-2648674081-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-773808207-1985944678-2648674081-503 - Limited - Disabled)
Deplorable Paul (S-1-5-21-773808207-1985944678-2648674081-1001 - Administrator - Enabled) => C:\Users\Deplorable Paul
Guest (S-1-5-21-773808207-1985944678-2648674081-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.18.898 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.18.937 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.18.898 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Corsair Link 4 (HKLM-x32\...\{43242464-db63-47fb-b75c-706bc0dcd863}) (Version: 4.3.0.154 - Corsair Components, Inc.)
Corsair Link 4 (x32 Version: 4.3.0.154 - Corsair Components, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{84BE2927-A017-4DDC-9706-8D1051C23141}) (Version: 2.5.66 - Corsair)
EARTH DEFENSE FORCE 4.1 The Shadow of New Despair (HKLM\...\Steam App 410320) (Version: - SANDLOT)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Hot Dogs, Horseshoes & Hand Grenades (HKLM\...\Steam App 450540) (Version: - RUST LTD.)
House of the Dying Sun (HKLM\...\Steam App 283160) (Version: - Marauder Interactive, LLC)
Hover Junkers (HKLM\...\Steam App 380220) (Version: - Stress Level Zero)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.16 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.23 - MSI)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{236e0932-2039-4fba-9df8-2d67de8f730f}) (Version: 5.1.2.100 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 5.1.2.100 - Intel Corporation) Hidden
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.021 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.07 - MSI)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Out of Ammo (HKLM\...\Steam App 451840) (Version: - RocketWerkz)
Pool Nation VR (HKLM\...\Steam App 269170) (Version: - Cherry Pop Games)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Raw Data (HKLM\...\Steam App 436320) (Version: - Survios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Shadow Warrior 2 (HKLM\...\Steam App 324800) (Version: - Flying Wild Hog)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.08 - Creative Technology Limited)
Space Pirate Trainer (HKLM\...\Steam App 418650) (Version: - I-Illusions)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM\...\Steam App 322500) (Version: - SUPERHOT Team)
Tales of Zestiria (HKLM\...\Steam App 351970) (Version: - BANDAI NAMCO Studio Inc.)
The Brookhaven Experiment (HKLM\...\Steam App 440630) (Version: - Phosphor Games)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
Tilt Brush (HKLM\...\Steam App 327140) (Version: - Google)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
Vanishing Realms (HKLM\...\Steam App 322770) (Version: - Indimo Labs LLC)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-773808207-1985944678-2648674081-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-773808207-1985944678-2648674081-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Deplorable Paul\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {287AE7A6-6D5A-4BBB-B8DC-B701870BDFC9} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {3FB0D694-2A34-4BA3-8633-B6A990D5800D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {6CF7E3BA-B524-4D09-A616-122AF4BA9851} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {8E046E31-10B5-4F84-BB02-E70FA8EE0A54} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {B82FC4B0-D9D4-48F4-9252-33D4B3261076} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {BA12689F-DE7F-462A-9224-3CD889640D2A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-17] ()
Task: {C484C412-9CE2-4F7B-8E3C-CE280EF7D424} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {C4CE8612-9E12-4BFA-A86B-639A29F094EE} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {E2AC60A4-862B-4E57-BB1D-0439EA5DD430} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2016-09-01] (Bitdefender)
Task: {EEDDE8EF-4052-4AE0-8249-7E7956027A43} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWoW64\muachost.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-07 02:04 - 2016-10-07 02:04 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-13 21:00 - 2016-10-01 15:53 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-10-17 01:42 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2016-10-17 01:42 - 2016-08-24 19:02 - 00134152 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ECEvents.dll
2016-10-17 01:42 - 2016-09-21 19:47 - 00113944 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ThreatReporter.dll
2016-10-17 01:42 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
2016-10-17 01:42 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
2016-10-17 01:42 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
2016-10-17 01:42 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
2016-10-06 21:30 - 2016-06-14 19:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2016-10-07 02:04 - 2016-10-07 02:04 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-08 01:54 - 2016-10-08 01:54 - 01864384 _____ () C:\Users\Deplorable Paul\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-10-07 02:04 - 2016-10-07 02:04 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 09:36 - 2016-10-05 05:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-12 09:35 - 2016-10-05 05:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-12 09:35 - 2016-10-05 05:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-12 09:35 - 2016-10-05 05:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-12 09:35 - 2016-10-05 05:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-12 09:35 - 2016-10-05 05:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-12 09:35 - 2016-10-05 05:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-17 01:42 - 2016-10-08 07:24 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdsystray.txtui
2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-10-17 01:42 - 2016-09-15 21:36 - 00569056 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ExternalDevices.dll
2016-10-17 01:42 - 2016-09-15 21:36 - 00334032 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\ui\ltr\ExternalDevices.ui
2016-10-17 01:42 - 2016-10-08 07:24 - 00334032 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\ExternalDevices.txtui
2016-10-17 01:42 - 2016-10-08 07:24 - 00022304 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdaphconp.txtui
2016-10-17 01:42 - 2016-09-06 16:57 - 00066240 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bddpsp.dll
2016-10-17 01:43 - 2016-10-10 09:52 - 00021280 _____ () C:\Program Files\Bitdefender\Bitdefender Device Management\lang\en-US\dmiface.txtui
2013-09-16 18:00 - 2013-09-16 18:00 - 00651264 _____ () C:\Users\Deplorable Paul\AppData\Local\Temp\bdsyslog\libxml2.dll
2016-10-06 21:24 - 2005-07-18 16:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2016-10-13 21:01 - 2016-09-30 00:22 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-06 21:30 - 2016-06-14 19:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2016-10-06 21:54 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-10-06 21:54 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-10-06 21:54 - 2016-10-12 21:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-10-06 21:54 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-10-06 21:54 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-10-06 21:54 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-06 21:54 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-06 21:54 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-06 21:54 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-06 21:54 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-06 21:54 - 2016-10-12 21:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-06 21:54 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 20:58 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-09-14 17:37 - 2016-09-14 17:37 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-09-14 17:35 - 2016-09-14 17:35 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2016-09-14 17:35 - 2016-09-14 17:35 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-06-10 10:19 - 2016-06-10 10:19 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-06-10 10:19 - 2016-06-10 10:19 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-19 11:03 - 2016-10-19 11:03 - 00011264 _____ () C:\Users\Deplorable Paul\AppData\Local\Temp\nse66FD.tmp\System.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\373.06-desktop-win10-64bit-international-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\autoruns.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\BDSysLog_i(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\Bitdefender_2017_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\ccsetup522_pro.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\deluge-1.3.13-win32-py2.7-0.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\Firefox Setup 49.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\FixExec.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\FSS.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\GeForce_Experience_v3.0.7.34(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\GeForce_Experience_v3.0.7.34.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\MediaCreationTool.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\Nexus Mod Manager-0.62.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\pia-v65-win.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\qbittorrent_3.3.7_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\RUBottedSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\sc-cleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\SecurityCheck.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\setup_galaxy_1.1.17.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\TFC.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\unhide.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\vcredist_IA64.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\vcredist_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\vcredist_x86.exe:BDU [0]
AlternateDataStreams: C:\Users\Deplorable Paul\Downloads\vlc-2.2.4-win32.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-10-19 10:59 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-773808207-1985944678-2648674081-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Sound Blaster Cinema 2"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8577F2F4-DA6F-470B-924F-042062183E68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AAE8C80-35EB-4859-AB11-16B04340EC6F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3CE6D258-E49C-4BB5-8DF5-BA5233466978}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CA6D002D-E2C2-45F7-8B01-6DA4D5CA5EBB}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{534067CB-C88A-491C-B171-DD74DE3F095A}] => (Allow) F:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{938C0232-FA53-4B77-B7F0-4C4F7FEA8449}] => (Allow) F:\SteamLibrary\steamapps\common\Rust\Rust.exe
FirewallRules: [{7E3DF489-22C6-4614-9D93-EE2421D3C883}] => (Allow) F:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{DED7DD18-0411-49F9-9D4B-33344493F4FC}] => (Allow) F:\SteamLibrary\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{ACB7CECF-52DB-474B-AFEE-B798AB2A51DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3446EB47-943D-42A2-B498-3A0946DB1299}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65BF6203-5ABE-4361-9BC5-B0C5F6479A02}] => (Allow) F:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{DC489BDB-1E6D-415A-AE61-41EFAE3CAD99}] => (Allow) F:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A377D4CE-672F-46BE-974E-2BDD5979DA88}] => (Allow) F:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{864FF550-27A2-469B-8220-214FCBFEB2EC}] => (Allow) F:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7A20B65D-2BD8-41F4-9A2F-2E9FB6E55EC8}] => (Allow) E:\SteamLibrary\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{6CF23E23-4E60-4C02-B656-A525DAAC190E}] => (Allow) E:\SteamLibrary\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{1780090B-BF1E-4938-A9B9-C3942C869AE6}] => (Allow) E:\SteamLibrary\steamapps\common\Earth Defense Force 4.1\EDF41.exe
FirewallRules: [{3A7DB619-286C-4365-8914-2955B2728990}] => (Allow) E:\SteamLibrary\steamapps\common\Earth Defense Force 4.1\EDF41.exe
FirewallRules: [{5FA6B7D7-7958-46CF-93CF-6F2D57AD6FC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tilt Brush\TiltBrush.exe
FirewallRules: [{CBBAB15A-7344-4614-B32E-6706D0EDB99C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tilt Brush\TiltBrush.exe
FirewallRules: [{DA80EBAF-3B5D-4BB8-87A6-22D179616F1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Out of Ammo\OutOfAmmo.exe
FirewallRules: [{B883336E-96A0-4BC6-9F79-9ACD58417BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Out of Ammo\OutOfAmmo.exe
FirewallRules: [{D557CC07-C9EC-4A9E-980D-C3A82F932FA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{2EF88D2A-89CF-4F79-9338-E39B019BDC1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{0C3C06E4-8730-4C84-8E07-F676535A7AFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H3VR\h3vr.exe
FirewallRules: [{111AC704-7F7D-4D61-AB96-D73C6B083257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H3VR\h3vr.exe
FirewallRules: [{F715701D-C01F-40A9-ADE5-7F57F96042E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DyingSun\dyingsun.exe
FirewallRules: [{786B5452-811A-41CF-8D81-43871A86B6F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DyingSun\dyingsun.exe
FirewallRules: [{5DE9E2A1-A0BC-49A8-8638-BE3A12EDE8BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoverJunkers\HoverJunkers.exe
FirewallRules: [{C7A617F2-27DF-4F97-A039-6B92DDD62FE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HoverJunkers\HoverJunkers.exe
FirewallRules: [{7B6AC240-8627-432E-A5C6-C1409C208C83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [{76432BD2-6754-4A71-9D26-A07E345D9F2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [{0C02E707-6AE4-4A33-9C6C-B757057F5E57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{5CC2187C-1E39-4137-B72E-FA1DC02023B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Pirate Trainer VR\SpacePirateVR.exe
FirewallRules: [{A393AF01-423F-4C44-A0A1-F57BD4524051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{8E1F33A5-85E8-48A8-92E6-200CC447B03D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{DBFF7160-6A45-4D57-9BD2-F4BBE663DAFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{5E24C8DC-A5CE-492B-931C-88D9CF6C002D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{85CAF483-A771-460F-BA2D-E129FA150331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{2BE791D8-EC71-4EFE-8A06-935186842282}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{C7C6A9D0-CD25-49EE-8AEA-A6C9686594A6}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{7C789EC0-CC59-4888-A613-2FB24B59452A}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{0C24FD86-9801-4537-8C61-AA34C065A652}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{D2E21A53-8828-488A-9059-52E60ABF7E63}] => (Allow) E:\SteamLibrary\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{119D7F1F-8F10-4835-B6E5-9D0A53D296E1}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{89A58830-423D-4043-95AC-804B4FE36B41}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{56C3AEB9-38AC-4C44-B215-E917DB1AB2B3}] => (Allow) F:\SteamLibrary\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{8999855C-F5CF-437E-A756-1E4480C351D8}] => (Allow) F:\SteamLibrary\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{2FE8BB1E-5730-4D02-B0D7-8C07F377D4EA}] => (Allow) F:\SteamLibrary\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{1DEE4556-F12C-468C-BE6D-4B403BA31318}] => (Allow) F:\SteamLibrary\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{A98E5972-536F-488B-9E57-C28E55C90C94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C2B69B8A-9DAB-4AC2-96D9-42DD6C094EEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6308EF90-23B2-45A8-A1CA-020ACF67F8FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{337C455A-F6F5-472E-8BB6-1562B1450061}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E2A99991-450B-464B-8D5C-9778322D24F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{76D77F3F-B644-48F9-9CC1-F2B78AE1EB3B}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{0898794B-BDAC-44A9-AEC7-815890CD2C8D}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{B0579FE4-4F73-4DF6-8D81-0FB37E041DFA}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{FDBACA15-AD36-4611-A3B8-5A6EDB6FF716}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{B7F5A0E2-362C-4653-98E5-A65D41966A57}] => (Allow) LPort=26789
FirewallRules: [TCP Query User{4C3FA1B0-74C8-4768-8B9A-5C6E3C820D5A}C:\users\deplorable paul\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\deplorable paul\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{35699A58-2B8E-4C12-9ECE-073625A81988}C:\users\deplorable paul\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\deplorable paul\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{9BCC7AFE-8905-4800-9656-BE2610ED3F7A}C:\users\deplorable paul\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\deplorable paul\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [UDP Query User{834B3448-9090-4B51-8745-DF56ADDAEBCC}C:\users\deplorable paul\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\deplorable paul\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [{1FD55402-1DBF-4916-B605-908508CE923A}] => (Allow) C:\Users\Deplorable Paul\qBittorrent\qbittorrent.exe
FirewallRules: [{3F13AB37-BFB9-4654-9171-5F43596267E3}] => (Allow) C:\Users\Deplorable Paul\qBittorrent\qbittorrent.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{A266162D-E5BE-4702-A9AD-7B25B1A0799A}] => (Allow) F:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{A9356D6A-995F-460E-A8F7-EB53BEA4F670}] => (Allow) F:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe

==================== Restore Points =========================

17-10-2016 00:22:25 JRT Pre-Junkware Removal
17-10-2016 04:40:06 JRT Pre-Junkware Removal
18-10-2016 14:40:57 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2016 10:48:03 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {CDC82860-468D-4D4E-B7E7-C298FF23AB2C} was rejected

Error: (10/19/2016 10:48:03 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {CDC82860-468D-4D4E-B7E7-C298FF23AB2C} was rejected

Error: (10/19/2016 09:00:08 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (10/19/2016 08:57:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-09-25T12:57:55Z. Error Code: 0x800706BA.

Error: (10/19/2016 08:57:39 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 00000000. The machine must now be restarted.

Error: (10/19/2016 08:56:31 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (10/19/2016 04:05:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Pepe)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (10/19/2016 03:05:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Pepe)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.


System errors:
=============
Error: (10/19/2016 09:03:07 AM) (Source: DCOM) (EventID: 10010) (User: Pepe)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (10/19/2016 09:01:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (10/19/2016 09:01:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (10/19/2016 08:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/19/2016 08:59:00 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (10/19/2016 08:58:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RUBotSrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/19/2016 08:58:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RUBotSrv service to connect.

Error: (10/19/2016 08:58:53 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 3 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/19/2016 08:58:53 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 2 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/19/2016 08:58:53 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.


CodeIntegrity:
===================================
Date: 2016-10-19 08:59:00.434
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-19 08:55:23.675
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-18 21:58:36.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-18 14:55:05.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-18 13:50:04.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-10-18 11:43:04.985
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 17:38:09.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 15:14:35.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 14:27:01.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 07:31:36.426
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 28%
Total physical RAM: 16332.79 MB
Available physical RAM: 11722.89 MB
Total Virtual: 32716.79 MB
Available Virtual: 26983.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.1 GB) (Free:81.02 GB) NTFS
Drive d: (Steam Games 2) (Fixed) (Total:465.76 GB) (Free:116.25 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:223.44 GB) (Free:114.84 GB) NTFS
Drive f: (Steam Games) (Fixed) (Total:465.76 GB) (Free:86.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C1C2C1C2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FD529592)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 98121182)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Oh My!, 23 October 2016 - 02:53 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:45 PM

Posted 23 October 2016 - 02:45 PM

Greetings PWL5605 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 23 October 2016 - 03:22 PM

Greetings,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-773808207-1985944678-2648674081-1001] ATTENTION => Default URLSearchHook is missing
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
C:\Users\Deplorable Paul\AppData\Local\Temp\nse66FD.tmp
BootExecute: autocheck autochk /p \??\G:autocheck autochk *
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached System Summary report
  • Update on current symptoms

Gary
 

#4 Oh My!


Posted 26 October 2016 - 12:38 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Oh My!


Posted 28 October 2016 - 09:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



