My computer has been slow ever since I updated my NVIDIA drivers



#1 psychicguy

Posted 28 September 2016 - 06:14 AM

I don't know if it's the drivers or I have malware on my computer.

I was hoping you could check it out for me.

Below is my info:

Malwarebytes: nothing showed up

FRST 64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by Marty (administrator) on MARTY-PC (28-09-2016 05:14:59)
Running from C:\Users\Marty\Downloads
Loaded Profiles: Marty (Available Profiles: Marty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Mindzoom) C:\Program Files (x86)\Mindzoom\mindzoom.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Marty\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
() C:\Program Files (x86)\Acquisition\acquisition.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.28\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.68\deploy\LoLPatcherUx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-10] (Razer Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [10174288 2016-06-05] (Visicom Media Inc.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\MountPoints2: {71ca4d3e-49f7-11e6-9229-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mindzoom.lnk [2016-09-28]
ShortcutTarget: mindzoom.lnk -> C:\Program Files (x86)\Mindzoom\mindzoom.exe (Mindzoom)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04B5CB71-CB3D-4987-B49B-2EB44AC68A77}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{27E661A1-5B33-41E2-8A29-0ED9D7372860}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9C9A37F5-92A4-435E-A398-A69EB7FA054E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-21]
FF Extension: (Adblock Plus) - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\0tp6dndc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-21]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Adblock Plus) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Excel Viewer, Editor) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpdiahdjhpfaafoffpoaafcmjbcfmaj [2016-07-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (GAuth Authenticator) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2016-07-14]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-14] (Camshare Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-25] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [36568 2015-08-13] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [44760 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-28 05:14 - 2016-09-28 05:15 - 00019703 _____ C:\Users\Marty\Downloads\FRST.txt
2016-09-28 05:14 - 2016-09-28 05:14 - 02404352 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe
2016-09-28 05:14 - 2016-09-28 05:14 - 00899072 _____ C:\Users\Marty\Downloads\RGSA.exe
2016-09-28 05:14 - 2016-09-28 05:14 - 00000865 _____ C:\Users\Marty\Downloads\SALog.txt
2016-09-27 23:47 - 2016-09-27 23:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-27 23:46 - 2016-09-27 23:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-27 23:46 - 2016-09-27 23:46 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-27 23:46 - 2016-09-27 23:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-27 23:46 - 2016-09-16 17:46 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 34809912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 28214840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 19854064 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 17270984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 14353512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 14118336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-27 23:46 - 2016-09-16 17:46 - 10868288 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 10746872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 10287344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 09090952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 08877480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 08684304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 03917840 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 03595832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 03458608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 01020472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00956864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00895032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00179952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-27 23:46 - 2016-09-16 17:46 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-09-27 23:46 - 2016-09-16 17:46 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-09-27 23:46 - 2016-09-16 17:46 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-09-27 23:46 - 2016-09-16 15:57 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 01364024 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-09-27 23:46 - 2016-09-16 15:57 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-27 23:46 - 2016-09-16 15:57 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-09-27 23:46 - 2016-09-16 00:40 - 07379415 _____ C:\Windows\system32\nvcoproc.bin
2016-09-27 23:46 - 2016-09-09 11:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-27 23:46 - 2016-09-09 11:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-09-27 23:46 - 2016-09-09 11:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-27 23:46 - 2016-09-09 11:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-27 23:45 - 2016-09-27 23:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-27 23:40 - 2016-09-25 01:09 - 351102072 _____ (NVIDIA Corporation) C:\Users\Marty\Desktop\372.90-desktop-win8-win7-64bit-international-whql - Copy.exe
2016-09-27 23:39 - 2016-09-27 23:39 - 01038877 _____ C:\Users\Marty\Downloads\[Guru3D.com]-DDU.zip
2016-09-27 23:39 - 2016-09-27 23:39 - 00000000 ____D C:\Users\Marty\Desktop\Guru3D.com
2016-09-27 23:37 - 2016-09-27 23:38 - 351102072 _____ (NVIDIA Corporation) C:\Users\Marty\Desktop\372.90-desktop-win8-win7-64bit-international-whql (1).exe
2016-09-27 21:21 - 2016-09-27 21:21 - 00000040 _____ C:\Users\Marty\Desktop\needed ring resistances for a socket ring.txt
2016-09-27 20:12 - 2016-09-27 20:12 - 00000372 _____ C:\Users\Marty\Desktop\wwhat to buy socket ring next.txt
2016-09-25 17:56 - 2016-09-25 17:56 - 00000062 _____ C:\Users\Marty\Desktop\trading for path of exile.txt
2016-09-25 12:39 - 2016-09-27 21:56 - 00000000 ____D C:\Users\Marty\AppData\Local\acquisition
2016-09-25 12:38 - 2016-09-25 12:38 - 29306051 _____ ( ) C:\Users\Marty\Desktop\acquisition_setup_0.5g.exe
2016-09-25 12:38 - 2016-09-25 12:38 - 00001047 _____ C:\Users\Public\Desktop\Acquisition.lnk
2016-09-25 12:38 - 2016-09-25 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acquisition
2016-09-25 12:38 - 2016-09-25 12:38 - 00000000 ____D C:\Program Files (x86)\Acquisition
2016-09-25 01:08 - 2016-09-25 01:09 - 351102072 _____ (NVIDIA Corporation) C:\Users\Marty\Desktop\372.90-desktop-win8-win7-64bit-international-whql.exe
2016-09-24 00:27 - 2016-09-24 00:27 - 00000222 _____ C:\Users\Marty\Desktop\Wander.url
2016-09-23 17:58 - 2016-09-23 18:01 - 1062387971 _____ C:\Users\Marty\Desktop\UOEvolution Custom Client.rar
2016-09-23 07:04 - 2016-09-23 07:06 - 00000017 _____ C:\Users\Marty\Desktop\Trial for Uber ascendancy in maps.txt
2016-09-23 04:01 - 2016-09-23 06:38 - 00000228 _____ C:\Users\Marty\Desktop\Uber Trials.txt
2016-09-22 20:34 - 2016-09-22 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-22 19:04 - 2016-09-22 19:04 - 00238976 _____ C:\Users\Marty\Downloads\NeverSink-Filter-4.01a (1).zip
2016-09-22 19:04 - 2016-09-22 19:04 - 00238389 _____ C:\Users\Marty\Downloads\NeverSink-Filter-4.1 (4).zip
2016-09-22 18:41 - 2016-09-22 18:41 - 00012762 _____ C:\Users\Marty\Desktop\ZiggyLoot_v2_4_Atlas.filter
2016-09-22 12:46 - 2016-09-22 12:46 - 00238976 _____ C:\Users\Marty\Downloads\NeverSink-Filter-4.01a.zip
2016-09-21 21:21 - 2016-09-23 20:48 - 00000007 _____ C:\Users\Marty\Desktop\last world war z place we left off at.txt
2016-09-21 20:53 - 2016-09-21 20:53 - 00000000 ____D C:\Users\Marty\Downloads\NeverSink-Filter-4.1 (3)
2016-09-21 20:52 - 2016-09-21 20:52 - 00238389 _____ C:\Users\Marty\Downloads\NeverSink-Filter-4.1 (3).zip
2016-09-21 13:23 - 2016-09-21 13:23 - 00475223 _____ C:\Users\Marty\Downloads\oftrta_v2.4.0.filter
2016-09-21 12:52 - 2016-09-22 20:34 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-21 12:52 - 2016-09-22 20:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-21 12:52 - 2016-09-22 20:34 - 00000000 ____D C:\Users\Marty\AppData\Local\Skype
2016-09-21 12:51 - 2016-09-21 12:51 - 26951680 _____ C:\Users\Marty\Desktop\SkypeSetup_6.21.0.104.msi
2016-09-21 12:44 - 2016-09-28 00:58 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Skype
2016-09-21 12:33 - 2016-09-21 12:33 - 01461376 _____ (Skype Technologies S.A.) C:\Users\Marty\Downloads\SkypeSetup (1).exe

#2 psychicguy


Posted 28 September 2016 - 06:16 AM

Never mind on the rgsa, I didn't realize nothing was supposed to pop up.

 

Here is the log below: 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 23rd September, 2016
Running from:C:\Users\Marty\Desktop (05:19:39 - 09/28/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Google Chrome
***-----------------Anti-Virus - Firewall-------------------***
Kaspersky Internet Security (Disabled - Up to Date)
Kaspersky Internet Security
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 23.0.0.162)
CCleaner (version 5.21)
Google Chrome (version 53)
HitmanPro (version 3.7)
Java (version 8.0.1010.13)
Malwarebytes Anti-Malware (version 2.2.1.1043)
 
Mozilla Firefox (version 48.0) is *out of Date*
 
***----------------Analysis Complete-------------------------***


#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 30 September 2016 - 06:55 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,177 posts

Posted 01 October 2016 - 01:08 PM

Hello psychicguy.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.
 

I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.
Please follow the directions in the order listed.


You did not post the contents of Addition.txt. I need to see its contents. Please post it in your next reply for my review.


Do you know these two files (in bold)?
C:\Users\Marty\Desktop\cc_20160831_015234.reg
C:\Users\Marty\Desktop\NA1_2277020227.bat
 

IF you don't know them, please post their contents in your next reply.
To do that, right-click on the files and select Edit with Notepad.
Copy and paste the contents from both files into your next reply.

 

 

NOTICE: The script below was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
C:\Program Files\Windows Defender\mpsvc.dll

 

End


Save the file as fixlist.txt in the same folder as FRST64.
Run FRST64 and click Fix only once and wait.
When finished FRST64 will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right click on the icon and choose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

 

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


In your next reply please post:
The contents of cc_20160831_015234.reg and NA1_2277020227.bat (ONLY IF you don't know them).
The contents of Addition.txt
The contents of fixlog.txt
AdwCleaner log.
ESET log (if it produced one).


How is your computer running now?


Android 8888
 
Website: http://android8888.comlu.com
 

#5 psychicguy


Posted 01 October 2016 - 09:07 PM

# AdwCleaner v6.020 - Logfile created 01/10/2016 at 19:51:10
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-01.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Marty - MARTY-PC
# Running from : C:\Users\Marty\Desktop\adwcleaner_6.020.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [993 Bytes] - [01/10/2016 19:51:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1065 Bytes] ##########
 
 
I know these reg and .bat files.
 
 
Below are more logs:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Marty (01-10-2016 19:47:44) Run:4
Running from C:\Users\Marty\Documents\Malware removal tools
Loaded Profiles: Marty (Available Profiles: Marty)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
 
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
C:\Program Files\Windows Defender\mpsvc.dll
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found. 
WinDefend => Service stopped successfully.
WinDefend => service removed successfully
C:\Program Files\Windows Defender\mpsvc.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5156702 B
Java, Flash, Steam htmlcache => 249509353 B
Windows/system/drivers => 110648 B
Edge => 0 B
Chrome => 272289698 B
Firefox => 13518252 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1150 B
Marty => 17998851 B
 
RecycleBin => 0 B
EmptyTemp: => 540.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:47:54 ====
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Marty (01-10-2016 20:02:09)
Running from C:\Users\Marty\Documents\Malware removal tools
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-14 19:27:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2836415364-1053990731-2268990577-500 - Administrator - Disabled)
Guest (S-1-5-21-2836415364-1053990731-2268990577-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836415364-1053990731-2268990577-1002 - Limited - Enabled)
Marty (S-1-5-21-2836415364-1053990731-2268990577-1000 - Administrator - Enabled) => C:\Users\Marty
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acquisition version 0.5g (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.5g - )
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASTRO Command Center (HKLM-x32\...\{43D37D7F-1FCC-4B00-ADCF-44C48629C18B}) (Version: 1.0.85 - Astro Gaming)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.563 - Camshare, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version:  - Creative Technology Limited)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Far Cry Primal (HKLM\...\Steam App 371660) (Version:  - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MindZoom 2.2.0 Plus (HKLM-x32\...\MindZoom_is1) (Version:  - mindzoom.net)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.810 - Razer Inc.)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
Street Fighter V (HKLM\...\Steam App 310950) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Evil Within (HKLM\...\Steam App 268050) (Version:  - Tango Gameworks)
Tibia (HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\Tibia) (Version:  - CipSoft GmbH)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wander (HKLM\...\Steam App 293280) (Version:  - Wander MMO)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04999245-04AC-47DB-84DA-80393FCD2BC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {19D66E5B-29D7-4A15-80D5-8EB83AA2826D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {2D81BDFE-96E0-4EE5-822B-0B3EA2CDDE96} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {3D8F6540-8177-4110-85F3-FE0CE056EE9C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {50F401A7-B875-49BE-ACD3-4F346A4EA71B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D8F8B7F-4E70-469A-A350-36A81DBC3B69} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {71340D4D-35E3-448B-B396-5E9EAD54D629} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {CFFE8AED-E4BE-418D-909C-E895017F9B78} - System32\Tasks\{658D4217-A2C9-47CA-A6CA-91B0BB225D9B} => pcalua.exe -a "C:\Users\Marty\Desktop\Display Driver Uninstaller.exe" -d C:\Users\Marty\Desktop
Task: {FC40276F-D1FA-4A57-954E-363D40CA1426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-28 05:33 - 2016-09-16 15:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-04 16:11 - 2015-11-04 16:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-08-07 20:37 - 2016-08-07 20:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-09-16 19:33 - 2016-09-13 19:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-16 19:33 - 2016-09-13 19:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2014-10-01 02:23 - 2014-10-01 02:23 - 02140672 _____ () C:\Program Files (x86)\ManyCam\opencv_core2410.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 01891840 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc2410.dll
2014-10-01 02:25 - 2014-10-01 02:25 - 00654848 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect2410.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 02147840 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui2410.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 00360960 _____ () C:\Program Files (x86)\ManyCam\opencv_video2410.dll
2016-07-14 14:04 - 2016-09-07 20:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-14 14:04 - 2016-08-31 18:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-14 14:04 - 2016-08-31 18:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-14 14:04 - 2016-08-31 18:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-14 14:04 - 2016-09-20 12:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-14 14:04 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-14 14:04 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-14 14:04 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-14 14:04 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-14 14:04 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-14 14:04 - 2016-09-20 12:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-11 18:02 - 2004-06-12 15:55 - 00274432 _____ () C:\Program Files (x86)\Mindzoom\lame_enc.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-07-27 19:55 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-07-27 19:55 - 2009-06-29 10:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-07-07 20:33 - 2010-07-07 20:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2016-08-19 00:39 - 2016-08-19 00:39 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-08-31 02:46 - 2015-08-27 14:30 - 40622592 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-07-14 14:04 - 2016-08-04 13:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-31 02:46 - 2015-10-06 12:26 - 50656768 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-08-31 02:46 - 2015-10-06 12:26 - 01874944 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-08-31 02:46 - 2015-10-06 12:26 - 00075264 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-08-31 02:46 - 2015-08-27 14:30 - 00911360 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2016-08-31 02:46 - 2015-08-27 14:30 - 00134144 _____ () C:\Users\Marty\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2016-07-14 13:27 - 2016-05-13 01:35 - 00021600 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\https -> https
IE restricted site: HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2836415364-1053990731-2268990577-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B938A5B6-40CB-41DB-86C1-2724E50325FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B44384B-5E04-4FCD-8E72-985BC0A098BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A08735B-6A4D-42E2-BF61-5CB9D779BBAE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99606366-D687-4D51-8C4E-9CC4D8E693AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F812BD95-0886-49D1-8A24-38A75FBA8348}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC6D51DE-57E3-4464-9E6D-70ED6B4D1F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C1D3883-5852-4160-A7E5-DE0664BF6890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{F8E05FBB-76B4-41E7-AC01-AA84CDC21143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{E7866DC3-EAD4-4DDF-AF98-D2D3501C3790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StreetFighterV\StreetFighterV.exe
FirewallRules: [{F4FC4F81-7248-487E-AFA8-49A1C385627C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StreetFighterV\StreetFighterV.exe
FirewallRules: [{6BCFD232-A14D-4439-8F65-9048B11ECB61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{FBFF976E-4455-4B66-B191-C08716A62B7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{5E794FDB-5E11-4F9F-A3F6-D68E7076B56B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{BDB6D104-ADB1-4C35-BD77-5463E7BD365F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{BF25BCC0-612F-4970-A559-597D9EA55F03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{29925493-1838-4D5D-8A4E-C063942C0FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{FFECCA28-D116-4B7E-9D49-9D470CE90405}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3610F7A3-BA9B-4D8B-B50C-9454BA8E4033}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07285E86-FE7B-483B-8267-F7E2C3850863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{3163F226-BE90-4572-8EBA-0385F8B3A7FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{EAFB0F6F-E3FE-4BCF-82D1-EAA7B3E65AA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{A5DB89B2-89D9-40FD-ACB6-14673DCB81E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{7F025EEC-94E7-41BA-AD5C-9FFEFC0E331E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{41ACCB1E-7B75-4918-B357-AF31562A523C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{7CBD05C4-9CBC-4F5F-BF76-3C871B44382F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{6E0E84DC-A44B-453D-88D7-F373E66649D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{F1ADA963-00F5-480B-8774-75C744B4E032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{429DB2F6-E78C-41FD-8047-BC4EE8F07606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{424759DE-B612-45E2-8359-B8E617266887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A20E04B-2C24-4FD0-B78F-E682482D0D15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6AF20985-2D61-4723-B45A-C0E5CAB4FD2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF871ACB-445E-43A8-AEFE-2AFD70C07805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{2B2C4EA6-207A-4E1A-B4E9-F9E413389235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3BA51D57-38A4-4B9A-BEE5-DC1CA79BE080}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{932104DD-A87F-4512-82B1-46FCE4AA5B51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wander\Bin64\wander.exe
FirewallRules: [{DC30ABA0-52AA-4E4E-BF71-C335AA430685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wander\Bin64\wander.exe
FirewallRules: [{FE93B349-988B-4792-97EA-B0F80FF01D3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{1C0193AF-A07A-4880-942C-2C11AD65356C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry Primal\bin\FCPrimal.exe
 
==================== Restore Points =========================
 
30-09-2016 09:18:00 Windows Update
01-10-2016 19:47:44 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2016 07:50:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/28/2016 05:39:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/28/2016 05:36:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/28/2016 05:35:45 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2836415364-1053990731-2268990577-1000}/">.
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/28/2016 05:35:44 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Camfrog Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/01/2016 07:47:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/01/2016 07:47:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (10/01/2016 07:47:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ManyCam Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/01/2016 07:47:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16319.83 MB
Available physical RAM: 12254.27 MB
Total Virtual: 32637.85 MB
Available Virtual: 28012.17 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:419.18 GB) (Free:18.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000CE7FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 9116D930)
Partition 1: (Not Active) - (Size=419.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
ESET Didn't catch anything.
 
I know the two files: cc_20160831_015234.reg and NA1_2277020227.bat
 
Computer seems okay... I might have to play around with it in my games to see if I still lag.
 
Thanks!


#6 Android 8888

Posted 02 October 2016 - 05:15 AM

Hello psychicguy.

Congratulations! Your computer seems to be free of malware. :good:

Please enable your Kaspersky Antivirus if you have not already done it.

Please update your Mozilla Firefox browser. Old versions may contain security vulnerabilities.
You can find instructions on how to do it here


Download DelFix (by Xplode) and save it to your Desktop.

Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run
DelFix should remove all the tools and delete itself afterwards.

I don't need the log file.

 

Are there any issues with your computer?


Edited by Android 8888, 02 October 2016 - 05:20 AM.

Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#7 psychicguy

Posted 03 October 2016 - 01:33 AM

working great thanks!



#8 Android 8888

Posted 03 October 2016 - 05:18 AM

If all is well:
 

Some suggestions to improve your computer's speed:
Take a look at this page created by miekiemoes, on slow systems, and some things you can try to do to try to improve it. Help! My computer is slow!
You may also find this helpful: Slow Computer?


To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

  • Keep Windows updated at Windows Update
  • Keep your Kaspersky Internet Security Anti-Virus up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here
Please note: Only the paid-for version has real-time capabilities.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

 

A similar category of programs is called "scareware". Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

 
Another most feared threat at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info about this terrible threat here and here.
 

Please keep your programs up to date. This applies to Java, Adobe Flash Player and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker or Heimdal Free to see what programs need to be updated.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. :thumbup:

Android 8888.



#9 psychicguy

Posted 04 October 2016 - 02:03 AM

Now I'm having problems installing a Steam game.  It says I don't have enough space on my hard drive.  It's a 500 GB solid state drive evo.

 

I need to somehow gain more space on it but I am unsure how or what I need to remove to gain space so I can install my game.



#10 Android 8888

Posted 04 October 2016 - 08:29 AM

Hi psychicguy.

In your previous Addition.txt log I can see that the Active Partition (the bootable partition that contains the Windows Operating System) is located on a drive with a size of 931.5 GB. Also, your 500 GB SSD has only about 18 GB of free space, which is a very small size compared to its total capacity.

 

Are you using the 500 GB SSD only to store data files (documents, games, programs, etc)?



#11 Android 8888

Posted 30 October 2016 - 04:29 PM

Since the issue appears to be resolved, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





