
Rapidly-replicating processes and spam audio [Solved]



#1
Martel


My computer has gotten infected by some kind(s) of malware, which has(/have) two very noticeable symptoms.

 

The first is system processes and applications using inordinate amounts of RAM -- I caught Notepad using upwards of 500,000 K earlier, and it wasn't even open at that time. The biggest perpetrators are also supposedly running many times, conhost.exe and msiexec.exe being two that leap to mind.

 

The second symptom is sound almost constantly playing in the background, untraceable and unstoppable. Judging from what I've heard, it seems to be mostly audio from those spammy videos that autoplay on ad-heavy sites (I'm sure you know the type) or movie soundtrack-type orchestral music. Also, when I turn off the computer, the desktop will go white for some seconds, then show what appear to be browser windows open to various spam/ad/clickbait sites.

 

I've been struggling to stop this all day, without much success. AVG Free (which I've had for ages) told me it "secured" two "threats" when I first booted up the computer today, but the issues persist despite AVG insisting my computer is clean, and just some basic manual clicking around my upper-level C: and Windows directories yields files that are clearly malware -- .exes and .dlls with Chinese (?) characters in their names, for example. I tried booting into safe mode and disabling every startup process, and even "shredded" the malware files I found by following many of them to their source, but they just keep coming. Finally, I tried messing around with FRST myself, but after nuking C:\Windows\winsxs\ (it had at least 8,000 malware folders titled amd64_blahblahblah) with it and having to go into recovery mode, I realized I couldn't solve the problem by myself.

 

Anyway, here are the logs I just got from FRST. I'd really appreciate some help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Cole (administrator) on PANICSTATION (15-08-2015 18:58:22)
Running from C:\Users\Cole\Desktop
Loaded Profiles: Cole (Available Profiles: Cole)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-04-23] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a] => C:\52e436a2\52e436a2.exe
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a2] => C:\Users\Cole\AppData\Roaming\52e436a2.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-05-06]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{3D0217CA-88BC-42C7-998A-6C598CA624BF}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{51261456-9B4D-415D-B090-97052541865B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{72FF6468-055A-4F73-A82C-2D07180E6C8E}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\v7f70g5p.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube Center) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajijnmbjgaeekdpmpohgppkckmnagimk [2014-12-01]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-23]
CHR Extension: (Google Drive) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]
CHR Extension: (Adblock Plus) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-13]
CHR Extension: (Google Search) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2014-07-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
CHR Extension: (Gmail) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]
CHR HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - 
 
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-13] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-24] (Qualcomm Atheros) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-11] (Microsoft Corporation)
S2 OraStream Service; C:\Windows\Installer\MSI5382.tmp [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [4057808 2013-09-04] (Qualcomm Atheros, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
S3 iscFlash; C:\Users\Cole\AppData\Local\Temp\7zS12C5.tmp\iscflashx64.sys [58464 2012-07-12] (Insyde Software)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-07-23] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-23] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 17:42 - 2015-08-15 18:58 - 00018495 _____ C:\Users\Cole\Desktop\FRST.txt
2015-08-15 17:26 - 2015-08-15 17:26 - 02173952 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
2015-08-15 17:23 - 2015-08-15 17:23 - 00000000 ___RD C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-15 17:13 - 2015-08-15 17:45 - 00000000 ___HD C:\52e436a2
2015-08-15 17:08 - 2015-08-15 17:08 - 00314624 _____ C:\Windows\Minidump\081515-61947-01.dmp
2015-08-15 15:56 - 2015-08-15 16:20 - 00007397 _____ C:\Users\Cole\Desktop\Search.txt
2015-08-15 15:54 - 2015-08-15 18:58 - 00000000 ____D C:\FRST
2015-08-14 22:58 - 2015-08-14 22:59 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-08-14 22:57 - 2015-08-14 22:57 - 00015421 _____ C:\Users\Cole\Downloads\[rutracker.org].t5009986.torrent
2015-08-12 23:14 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 23:14 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:08 - 2015-08-15 14:03 - 00000000 ____D C:\Users\Cole\Desktop\76561198047276527
2015-08-12 19:08 - 2015-08-14 21:53 - 00000595 _____ C:\Users\Cole\Desktop\profile.bin
2015-08-12 14:02 - 2015-08-12 14:02 - 00024358 _____ C:\Users\Cole\Downloads\[rutracker.org].t3171958.torrent
2015-08-12 14:02 - 2015-08-12 14:02 - 00022666 _____ C:\Users\Cole\Downloads\[rutracker.org].t3117703.torrent
2015-08-12 14:01 - 2015-08-12 14:01 - 00023390 _____ C:\Users\Cole\Downloads\[rutracker.org].t3015641.torrent
2015-08-11 19:28 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 19:28 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 19:28 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 19:28 - 2015-07-16 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 19:28 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 19:28 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 19:28 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 19:28 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 19:28 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 19:28 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 19:28 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 19:28 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 19:28 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 19:28 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 19:28 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 19:28 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 19:28 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 19:28 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 19:28 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 19:28 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 19:28 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 19:28 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 19:28 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 19:28 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 19:28 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 19:28 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 19:28 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 19:28 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 19:28 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 19:28 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 19:28 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 19:28 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 19:28 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 19:28 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 19:28 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 19:28 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 19:28 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 19:28 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 19:28 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 19:28 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 19:28 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 19:28 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 19:28 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 19:28 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 19:28 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 19:28 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 19:28 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 19:28 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 19:28 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 19:28 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 19:28 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 19:28 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 19:28 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 19:28 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 19:28 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 19:28 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 19:28 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 19:28 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 19:28 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 19:28 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 19:27 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 19:27 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 19:27 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 19:27 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 19:27 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 19:27 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 19:27 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 19:27 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 19:27 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 19:27 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 19:27 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 19:27 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 19:27 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 19:27 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 19:27 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 19:27 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 19:27 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 19:27 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 19:27 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 19:27 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 19:27 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 19:27 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 19:27 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 19:27 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 19:27 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 19:27 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 19:27 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 19:27 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 19:27 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 19:27 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 19:27 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 19:27 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 19:27 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 19:27 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 19:27 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 19:27 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 19:27 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 19:27 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 19:27 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 19:27 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 19:27 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 19:27 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 19:27 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 19:27 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 19:27 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 19:27 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 19:27 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 19:27 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 19:27 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 19:27 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 19:27 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 19:27 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 19:27 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 19:27 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:27 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:27 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 19:27 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 19:23 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 19:23 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 19:23 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 19:23 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 19:23 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 19:23 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 19:23 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 19:23 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 19:23 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 19:23 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 19:23 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 19:23 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 19:23 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 19:23 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 19:23 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 19:23 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 19:23 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 19:23 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 19:23 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 19:23 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 19:23 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 19:23 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 19:23 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 19:23 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 19:23 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 19:23 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 19:23 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 19:23 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 19:23 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 19:23 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 19:23 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:23 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 19:23 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 19:23 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 19:23 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 19:23 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 19:23 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-07 21:03 - 2015-08-07 21:03 - 00016694 _____ C:\Users\Cole\Downloads\[rutracker.org].t4308386.torrent
2015-08-04 21:31 - 2015-07-28 20:55 - 08677671 _____ C:\Users\Cole\Desktop\Save 107 - Marlow  The Ragged Flagon  76.23.45.ess
2015-08-03 01:28 - 2015-08-03 01:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-08-03 01:28 - 2015-08-03 01:28 - 00000000 ____D C:\Windows\system32\NV
2015-08-03 01:28 - 2015-07-22 20:46 - 00572232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-03 01:26 - 2015-07-23 00:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-03 01:26 - 2015-07-23 00:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00503592 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-08-03 01:26 - 2015-07-23 00:06 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-03 01:26 - 2015-07-23 00:06 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-07-31 21:20 - 2015-07-03 00:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-31 21:20 - 2015-07-03 00:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-31 21:14 - 2015-08-15 20:32 - 00000000 ____D C:\Users\Cole\Documents\DyingLight
2015-07-25 01:02 - 2015-07-25 01:02 - 00015349 _____ C:\Users\Cole\Downloads\[rutracker.org].t5007568.torrent
2015-07-24 02:17 - 2015-07-24 02:17 - 00011696 _____ C:\Users\Cole\Downloads\[rutracker.org].t5038493.torrent
2015-07-24 01:54 - 2015-07-24 01:54 - 12470114 _____ C:\Users\Cole\Downloads\amlvxfs.djvu
2015-07-21 23:28 - 2015-07-21 23:28 - 00000000 ____D C:\Users\Cole\AppData\Local\CEF
2015-07-18 23:06 - 2015-07-18 23:06 - 00012644 _____ C:\Users\Cole\Downloads\[rutracker.org].t4966824.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 21:04 - 2015-04-05 20:36 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-15 21:04 - 2015-04-05 20:36 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-15 21:04 - 2014-12-10 19:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-15 21:04 - 2014-06-13 15:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-15 21:04 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-15 21:04 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-15 21:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\uk-UA
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\th-TH
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sppui
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sl-SI
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sk-SK
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Setup
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ro-RO
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ras
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\oobe
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\manifeststore
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\icsxml
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\hr-HR
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\he-IL
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\com
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\bg-BG
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ar-SA
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-15 21:04 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-08-15 20:59 - 2015-04-27 22:34 - 00000000 ____D C:\ProgramData\Atheros
2015-08-15 20:59 - 2015-04-27 22:30 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-08-15 20:59 - 2015-04-05 22:18 - 00000000 ____D C:\Program Files\PowerISO
2015-08-15 20:59 - 2014-06-12 19:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-15 20:59 - 2014-06-12 18:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-15 20:56 - 2015-05-04 19:19 - 00000000 ____D C:\Windows\pss
2015-08-15 20:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-08-15 20:32 - 2015-04-27 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2015-08-15 20:32 - 2015-04-27 22:29 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2015-08-15 20:32 - 2015-04-18 17:51 - 00000000 ____D C:\Users\Cole\AppData\Local\NVIDIA
2015-08-15 20:32 - 2015-04-18 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-15 20:32 - 2015-04-18 16:28 - 00000000 ____D C:\Users\Cole\Documents\Rockstar Games
2015-08-15 20:32 - 2015-04-18 16:27 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-15 20:32 - 2015-04-05 22:20 - 00000000 ____D C:\Users\Cole\AppData\Roaming\PowerISO
2015-08-15 20:32 - 2015-02-25 20:36 - 00000000 ____D C:\Program Files\MotioninJoy
2015-08-15 20:32 - 2015-02-01 21:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-15 20:32 - 2014-12-05 00:13 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Mozilla
2015-08-15 20:32 - 2014-10-23 22:05 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-15 20:32 - 2014-09-27 18:47 - 00000000 ____D C:\Users\Cole\AppData\Local\4A Games
2015-08-15 20:32 - 2014-06-20 12:33 - 00000000 ____D C:\Users\Cole\Documents\My Games
2015-08-15 20:31 - 2015-07-11 23:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-15 20:31 - 2015-06-25 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-15 20:31 - 2015-06-19 21:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-08-15 20:31 - 2015-04-29 19:48 - 00000000 ____D C:\Program Files\Java
2015-08-15 20:31 - 2015-04-27 22:29 - 00000000 ____D C:\Program Files\Cisco
2015-08-15 20:31 - 2015-04-20 02:09 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-08-15 20:31 - 2015-04-18 17:40 - 00000000 ____D C:\NVIDIA
2015-08-15 20:31 - 2015-04-18 16:27 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-08-15 20:31 - 2014-12-05 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-15 20:31 - 2014-10-23 22:05 - 00000000 ____D C:\Program Files\iTunes
2015-08-15 20:31 - 2014-10-23 22:05 - 00000000 ____D C:\Program Files\iPod
2015-08-15 20:31 - 2014-10-23 22:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-15 18:30 - 2014-06-12 21:35 - 01673994 _____ C:\Windows\WindowsUpdate.log
2015-08-15 18:19 - 2014-06-12 18:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 18:15 - 2014-06-12 19:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 17:43 - 2014-08-15 03:18 - 00000000 ____D C:\ProgramData\MFAData
2015-08-15 17:31 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 17:31 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 17:23 - 2014-06-12 19:42 - 00003228 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2015-08-15 17:23 - 2014-06-12 18:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 17:22 - 2014-08-16 15:11 - 00054689 _____ C:\Windows\setupact.log
2015-08-15 17:22 - 2014-06-12 19:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-15 17:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 17:08 - 2014-09-23 15:30 - 00000000 ____D C:\Windows\Minidump
2015-08-15 17:08 - 2014-06-12 18:25 - 00000000 ____D C:\Users\Cole
2015-08-15 17:07 - 2014-09-23 15:29 - 581551305 _____ C:\Windows\MEMORY.DMP
2015-08-15 13:28 - 2014-08-15 03:20 - 00000000 ____D C:\ProgramData\AVG2014
2015-08-14 23:13 - 2014-06-30 13:36 - 00000000 ____D C:\Users\Cole\AppData\Roaming\foobar2000
2015-08-14 23:13 - 2014-06-13 00:15 - 00000000 ____D C:\Users\Cole\AppData\Roaming\Azureus
2015-08-14 22:55 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-13 22:22 - 2014-06-13 17:19 - 00000000 ____D C:\Users\Cole\AppData\Local\CrashDumps
2015-08-12 18:27 - 2009-07-14 00:45 - 04888728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 18:26 - 2014-06-19 22:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 18:26 - 2014-06-19 22:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 17:43 - 2015-07-11 23:07 - 00000000 ____D C:\Users\Cole\AppData\Roaming\vlc
2015-08-12 14:07 - 2014-06-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 14:00 - 2014-06-13 17:15 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 13:55 - 2014-06-13 17:15 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 19:15 - 2014-08-15 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-03 01:28 - 2014-06-12 19:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-24 00:21 - 2015-04-18 17:45 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-24 00:21 - 2015-04-18 17:45 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-24 00:21 - 2015-04-18 17:45 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-24 00:21 - 2015-04-18 17:45 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-23 00:06 - 2015-04-18 17:42 - 03008880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 12876336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 01101856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 00940104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-23 00:06 - 2014-06-12 19:46 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-22 21:31 - 2014-06-12 19:46 - 06873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-22 21:31 - 2014-06-12 19:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-07-22 21:31 - 2014-06-12 19:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieUserList
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieSiteList
2015-07-20 10:16 - 2014-06-12 19:46 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-07-19 19:20 - 2014-12-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-18 23:14 - 2014-06-12 18:49 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-18 23:14 - 2014-06-12 18:49 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-08-14 23:28 - 2015-06-25 21:56 - 0000132 _____ () C:\Users\Cole\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-08 20:28 - 2015-01-26 19:55 - 0012005 _____ () C:\Users\Cole\AppData\Roaming\alsoft.ini
2015-04-27 22:21 - 2015-04-27 22:21 - 0000000 _____ () C:\Users\Cole\AppData\Local\BluetoothPresent.flag
2015-04-27 22:21 - 2015-04-27 22:21 - 0000000 _____ () C:\Users\Cole\AppData\Local\Driver_Jupiter_01Present.flag
2015-05-03 19:32 - 2015-05-03 19:32 - 0007617 _____ () C:\Users\Cole\AppData\Local\Resmon.ResmonCfg
2014-06-12 19:42 - 2014-06-12 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Cole\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Cole\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpypczrn.dll
C:\Users\Cole\AppData\Local\Temp\i4jdel0.exe
C:\Users\Cole\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Cole\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Cole\AppData\Local\Temp\mirc734.exe
C:\Users\Cole\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll
C:\Users\Cole\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cole\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-03 00:51
 
==================== End of log ============================
 
 
And here's Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Cole (2015-08-15 18:58:51)
Running from C:\Users\Cole\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934070568-3600879968-1804549010-500 - Administrator - Disabled)
Cole (S-1-5-21-2934070568-3600879968-1804549010-1001 - Administrator - Enabled) => C:\Users\Cole
Guest (S-1-5-21-2934070568-3600879968-1804549010-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4830 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4830 - AVG Technologies) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.4 - Synaptics Incorporated)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dropbox (HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Edison (HKLM-x32\...\Edison) (Version:  - Image-Line)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Development Studio)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1031 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OraStream (HKLM-x32\...\{EB19D04D-EB3A-4E21-94EA-303B5D689D6A}) (Version: 1.3.1 - OraStream)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.35.1064 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1064 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Sam & Max 201: Ice Station Santa (HKLM-x32\...\Steam App 8260) (Version:  - Telltale Games)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - Big Robot Ltd)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0018 - ST Microelectronics)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\qwave.dll (ro osoraiotprcifnCotM) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cole\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
15-08-2015 13:35:40 Installed DirectX
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {150B7F02-60A8-4F36-9562-26B83A3D83A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {3C42AD54-2E4E-41EB-B33E-E7D338B373F3} - System32\Tasks\1114avUpdateInfo => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe [2014-10-08] ()
Task: {44A7587B-C459-4290-8D3E-053B63798946} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51A52C6A-B6B6-4231-B790-E59F1A6797C8} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {7040F368-2CF4-4AA9-9CD7-5A69E4CFA29E} - System32\Tasks\0615avUpdateInfo => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe [2015-05-07] ()
Task: {75C8A58B-1184-4F4A-AE90-EB090643972F} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {8E742546-B09D-4EFE-A135-FB0B3616AC8D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-05-16] (Intel)
Task: {9C9138D0-3322-467C-8C44-766282198E11} - System32\Tasks\{DD60CCB4-499B-4F06-9BAF-88929AEE0A6D} => pcalua.exe -a C:\Users\Cole\Pictures\WinInstallerPandaUSBAdapterV1.9.exe -d C:\Users\Cole\Pictures
Task: {BCB8490B-85C0-4448-B5DA-A85439CCECFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C29094EE-5D9E-4C22-BB23-6830566B7A78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {F5493930-D610-42AF-A9EA-AACCD80647E4} - System32\Tasks\{AFF2EA77-6CA4-47A5-93AD-DE77D48E5F5B} => pcalua.exe -a C:\Users\Cole\Downloads\vcredist_x86.exe -d C:\Users\Cole\Downloads
Task: {FAD23DD8-04BE-403E-92C9-8EED749D62FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0615avUpdateInfo.job => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-12 19:46 - 2015-07-23 00:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-12 19:46 - 2015-07-22 21:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:03 - 2013-09-05 00:03 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-11 15:41 - 2012-09-05 18:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-24 12:03 - 2013-09-24 12:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-08-13 19:24 - 2015-08-07 21:30 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-13 19:24 - 2015-08-07 21:30 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-12 19:46 - 2015-07-23 00:06 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-18 17:44 - 2015-07-24 00:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-12 19:49 - 2012-02-01 17:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D3005232-51C0-4009-8EB0-A27261F18759}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7ACB5EDE-BE1D-464B-81FC-55FC0C7F02DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{55A1D25B-E01E-4743-B479-67DC99BB14F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3427D8AD-7CCC-44FB-B7B1-A291CCE6AB26}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{067F00BF-6213-4998-9CBF-2CDF422EC749}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D16F22A4-799B-4824-AC5E-422D7EF4E789}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C481DE84-8E5C-46F7-894B-0CFB42EA5CBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A21B111-F721-4608-8707-8F3A9145545C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{961555BF-9148-457A-87B3-D19E419C3A24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0833741D-EF1D-42F7-9AA1-F3E77FF7DC50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BF0583F4-4B78-468A-94D6-F2E8488F8058}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{708AF88F-80E5-458E-B0DF-436BE42E8654}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{18FAF351-F126-452C-8CB7-263D7CAC5E0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\ck2game.exe
FirewallRules: [{74E47CAA-2559-4924-BE46-18D8A8E1373F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\ck2game.exe
FirewallRules: [{80A710C2-0DAA-471A-9B20-F6BB34209CD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Victoria 2\victoria2.exe
FirewallRules: [{33D548E6-7F85-4E02-9D73-D80344CA560A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Victoria 2\victoria2.exe
FirewallRules: [TCP Query User{6FE019ED-47FF-4F17-B3C4-5B00BB2409A0}C:\program files\vuze\azureus.exe] => (Block) C:\program 
 
files\vuze\azureus.exe
FirewallRules: [UDP Query User{C192A46E-69D9-4EF1-9DD7-963429C9B9EF}C:\program files\vuze\azureus.exe] => (Block) C:\program 
 
files\vuze\azureus.exe
FirewallRules: [{E6CCF3BE-C1DE-45F8-9A7A-63C089661083}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-
 
Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{72B358A6-DE7B-46C7-A14F-AFFBC57197B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-
 
Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{981697A6-8B98-48E7-A6D9-6F2D1D634F69}C:\program files (x86)\steam\steamapps\common\xcom-
 
enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown
 
\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{0E734A1A-89EF-46BC-8969-CEB35D0A7B45}C:\program files (x86)\steam\steamapps\common\xcom-
 
enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown
 
\xew\binaries\win32\xcomew.exe
FirewallRules: [{C84A6E1A-1A7E-459D-8CCB-C3AAD212265E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New 
 
Vegas\FalloutNVLauncher.exe
FirewallRules: [{72831C1E-6767-4D17-9D5B-1B5B814AC2EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New 
 
Vegas\FalloutNVLauncher.exe
FirewallRules: [{242429F0-93A4-4E36-924A-4D18EE8B3D83}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 
 
2\Binaries\Win32\Launcher.exe
FirewallRules: [{7EF4C309-669A-4379-B63E-AC1965442431}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 
 
2\Binaries\Win32\Launcher.exe
FirewallRules: [{98A52511-57A9-45A0-91AB-B09104AD14A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 
 
Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C88B146E-05E6-4451-9D04-36F961D6378F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 
 
Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C84EB8F4-DAA2-4B78-B0D7-5C1FBA02B828}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock
 
\Builds\Release\Bioshock.exe
FirewallRules: [{A6329BF5-B947-4FAB-A7B8-0332663913CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock
 
\Builds\Release\Bioshock.exe
FirewallRules: [{3BAC7076-77C5-4A99-BA6E-CEDE594A774E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 
 
2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{87B3E83B-770A-4FCC-8589-96B8DBF4FD0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 
 
2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{D205FBBE-4436-4B60-B395-01F112665E72}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:
 
\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{75BDFDF0-F2FE-47B4-8D32-21A07D8C0E47}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:
 
\program files (x86)\mirc\mirc.exe
FirewallRules: [{1FE8314E-A4A5-4F45-B0EE-BE03943EB85D}] => (Allow) C:\Users\Cole\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D58DE72E-9DB3-4257-B2EA-2B20F45234D7}] => (Allow) C:\Users\Cole\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4950EEB7-CA0B-4D0F-A1F6-8014F37E7942}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0EBDB56C-B426-493A-ACA0-400E9F3FA509}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5A94D17-2F54-4D8C-AE2B-2CB807C29BBF}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9E4907AE-ECC1-43AA-BF28-774797D98D0B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{53888477-F60C-40AB-8CC2-71CB01BEA1DD}] => (Block) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{546065CB-5ED6-480A-A53F-695E6B13402F}] => (Block) C:\Program Files (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [TCP Query User{B93B23A3-3B17-4EDA-AE46-B6D530A11D9E}C:\users\cole\appdata\roaming\dropbox\bin\dropbox.exe] 
 
=> (Block) C:\users\cole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9860A61B-D0E5-4D0A-9A10-816B90ADD084}C:\users\cole\appdata\roaming\dropbox\bin\dropbox.exe] 
 
=> (Block) C:\users\cole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{39BEF7F1-D110-4DD5-84E0-64CB8C6A8B1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of 
 
Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{A09C45B8-0856-4554-AB06-2E1753EF000A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of 
 
Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{2477FB2E-9FFC-4089-8EAB-D1C820B32038}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of 
 
Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{90BFFA2C-EA10-4822-A551-E327AA7AE30D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of 
 
Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{38B8D28B-B4ED-44D8-9067-5D935A21BD6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker 
 
Call of Pripyat\Stalker-COP.exe
FirewallRules: [{A15E8F69-B148-406B-9256-A321823AC156}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker 
 
Call of Pripyat\Stalker-COP.exe
FirewallRules: [{D93CF3D4-B99F-4E4C-B20F-B2A66BC4D28E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last 
 
Light\MetroLL.exe
FirewallRules: [{013ACB21-8AB9-4B54-9EAD-BF0D71C9EE4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last 
 
Light\MetroLL.exe
FirewallRules: [{F711EEEA-B538-43C1-8893-08DF65C086E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of 
 
Iron 3\hoi3.exe
FirewallRules: [{E8A35B46-2F9D-4FC8-BD6D-C274EEEA0AB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hearts of 
 
Iron 3\hoi3.exe
FirewallRules: [{7E040E23-6BBC-4DB9-B5A8-3986D8EF8D00}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{09CDD384-1031-4C5C-B07D-8B05BD3EBBB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{BDE48BF8-A559-41FF-B83C-F184F209923C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{829688B4-5960-49A8-A796-3366999BEE2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{54AC7E25-ABB9-44C9-9865-F8A23B766748}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{B07BE4A1-7500-447E-AE3D-F9837347A70D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033 
 
Redux\metro.exe
FirewallRules: [{0FEE811E-5A46-4370-9844-9CC043067002}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033 
 
Redux\metro.exe
FirewallRules: [{63939155-DA84-4DD4-8D44-BD2F244B9D62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from 
 
the Borderlands\GameApp.exe
FirewallRules: [{DE7340FB-A124-413C-900C-90E16757FE82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from 
 
the Borderlands\GameApp.exe
FirewallRules: [{D4F671C4-ED9A-4AEE-BD05-1442114BE13E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from 
 
the Borderlands\Borderlands.exe
FirewallRules: [{D71285D4-A222-473B-9991-E7CEFEA60B02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from 
 
the Borderlands\Borderlands.exe
FirewallRules: [TCP Query User{AA2B7062-8145-4406-A228-F830AC57B81F}C:\program files (x86)\steam\steamapps\common\total war 
 
rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{E9A033F8-9A99-433A-85DF-ED35F477FAF6}C:\program files (x86)\steam\steamapps\common\total war 
 
rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{C3D77FB8-E2D3-4E8C-A262-EBD3916AE69C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim
 
\SkyrimLauncher.exe
FirewallRules: [{373BB9C8-C86F-4CEE-BFCD-0BB9A36DBA26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim
 
\SkyrimLauncher.exe
FirewallRules: [{FD36FEE8-1D73-4138-9754-5790C6580730}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\TheLongDark\tld.exe
FirewallRules: [{8FCDAA93-7EE4-4CF1-A270-461EDCF1816E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\TheLongDark\tld.exe
FirewallRules: [{567DFC60-5FEC-41F1-97D1-DCDD01F776B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{48E5CE28-057C-4584-BA23-E2EC94A25674}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ\FEZ.exe
FirewallRules: [{DC47FA6D-1848-4E23-95AF-DADB678A0C07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ
 
\FEZ_LaunchOptions.exe
FirewallRules: [{63F88344-7A25-4D17-80E6-EF51493768CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FEZ
 
\FEZ_LaunchOptions.exe
FirewallRules: [{FB8D97AC-8FB9-4059-A0D0-F08A819936E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust
 
\Legacy\rust.exe
FirewallRules: [{805DC2AC-BAC8-4BF4-821E-C743A76C179A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust
 
\Legacy\rust.exe
FirewallRules: [{F76D4291-EDAF-4775-8E78-AA073B9BF7E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War 
 
Rome II\launcher\launcher.exe
FirewallRules: [{CA8991C2-EA7D-4E55-96C8-B9A460478279}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War 
 
Rome II\launcher\launcher.exe
FirewallRules: [{F3DA895C-A26C-425F-A2EF-061A6E2E08A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust
 
\Legacy\rust.exe
FirewallRules: [{85F3F9A4-65CE-422A-97B6-DFB25118493A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rust
 
\Legacy\rust.exe
FirewallRules: [{70B9D83D-E362-43FF-8A01-933FFA82B9A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sam and Max 
 
Season 2 Episode 1\SamMax201.exe
FirewallRules: [{508FD724-E940-4F99-88EE-647A569E985C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sam and Max 
 
Season 2 Episode 1\SamMax201.exe
FirewallRules: [{C0A985FE-0D36-4626-8C4E-531FFEB44AC1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{F8EBED0B-14DE-4DBC-806A-8E66635B376E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{7DABE653-B778-42AF-BA91-602A239DB7BE}C:\program files (x86)\orastream\orastream.exe] => 
 
(Allow) C:\program files (x86)\orastream\orastream.exe
FirewallRules: [UDP Query User{13931805-4564-41EA-8E23-86FFDC820A3A}C:\program files (x86)\orastream\orastream.exe] => 
 
(Allow) C:\program files (x86)\orastream\orastream.exe
FirewallRules: [{7D5C23AA-C382-403F-98F0-8210F15F0FB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker 
 
Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{875AB327-C429-4304-8A90-8A749B7C29AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stalker 
 
Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{D281242C-0A2D-42CC-BD21-2BCAD84797D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft 
 
Auto V\GTAVLauncher.exe
FirewallRules: [{4B688351-E478-46D7-8C66-5CD8054B89BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft 
 
Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{89812513-4E8A-4CCD-A59A-66078326DE7D}C:\program files (x86)\steam\steamapps\common\grand 
 
theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1D454305-8849-4DA6-A205-31F5227C8076}C:\program files (x86)\steam\steamapps\common\grand 
 
theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{28438C6A-E5D7-4FB2-9718-2158B1A3A13A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService
 
\NvNetworkService.exe
FirewallRules: [{1D285FBE-21CB-4840-840F-31B8CB3C4A4F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService
 
\NvNetworkService.exe
FirewallRules: [{B175693D-3FBC-424D-9A8B-7CD9BA35866A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 
 
2\portal2.exe
FirewallRules: [{70EAC849-1DD6-4F5F-A9DD-2804D1060D43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 
 
2\portal2.exe
FirewallRules: [{F95049D1-345C-49EA-801F-A3AF990D8B8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gone Home
 
\GoneHome.exe
FirewallRules: [{43F29943-042B-4E6E-B130-B5050EFDA47B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gone Home
 
\GoneHome.exe
FirewallRules: [{07E792DE-42EC-4B20-8C6C-6BC0EA72B7AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal
 
\hl2.exe
FirewallRules: [{610E1601-BB02-48EC-BC79-EEEFFE405ACC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal
 
\hl2.exe
FirewallRules: [{B90DDBAA-7F76-4659-A9D4-235245F9C48E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 
 
2\Darksiders2.exe
FirewallRules: [{E254936E-DFC1-43C0-A676-72A9E63E264A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 
 
2\Darksiders2.exe
FirewallRules: [{900CE2A2-D7A7-4762-82B2-B5014478C8B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 
 
goty\FalloutLauncher.exe
FirewallRules: [{91C79C7E-86C0-4DC3-9EBE-1858B0EB3308}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 3 
 
goty\FalloutLauncher.exe
FirewallRules: [{8A80F9DF-0783-4BCF-81D3-6F8EE2FBABBE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{26AD839F-F311-4300-9EDE-BDDFA6F5BBA0}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{95CE7FC5-1DFF-4593-A748-9C5BDE80E062}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying 
 
Light\DyingLightGame.exe
FirewallRules: [{7A468C1D-FEC1-462D-BDD0-DD7A7333A2E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying 
 
Light\DyingLightGame.exe
FirewallRules: [{3B5122C5-F9C3-4197-8E60-45F2DA4A8A4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying 
 
Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{74C4090B-4731-49B0-85D7-68B0BC2FE57A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying 
 
Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{1B7092B9-C9AA-43D0-9F7B-F664023353D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\NvStreamNetworkService.exe
FirewallRules: [{9F6C45D9-D369-4F94-8F32-9CB117F3A5ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\NvStreamNetworkService.exe
FirewallRules: [{AD541391-05EB-498A-A273-56DF9022B710}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\NvStreamUserAgent.exe
FirewallRules: [{8A5F94B4-47F2-4F97-B1EC-253DFA06CCBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamer.exe
FirewallRules: [{14125168-4A8C-4DCB-87A0-E271C4B773D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv
 
\nvstreamer.exe
FirewallRules: [{F42C3B76-9F69-4257-8CD2-DF63F10FF96B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{86445D7D-97E5-4F46-A183-FBD0300EC780}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{D6424E55-218B-4F27-B79F-2CC68B5138AC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{7A5A255F-72C4-45EB-9760-0E3077A8EE2F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{1D75D8A0-DA8D-4702-8209-D7CE1E0C14C6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B4A405CA-5229-4A5F-802A-2342C72FE65F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{917192EC-68D0-4937-8447-9EE1B9ACA61D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb
 
\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{530997BD-0A57-48C3-83FE-57219CBAA00B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dirty Bomb
 
\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{25C760B1-3048-472C-9362-64BE3161ED38}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is 
 
Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{8FEE53BC-4FA4-40CF-8032-E5203AB686A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Life Is 
 
Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{8D50733F-E6AE-4A17-8008-7BEA50C265EE}C:\program files (x86)\steam\steamapps\common
 
\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common
 
\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F334C186-9B5D-4BB5-8F3A-BEDB8040DE06}C:\program files (x86)\steam\steamapps\common
 
\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common
 
\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{A5BE2CB6-0611-406E-866B-91F0C0477B95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
FirewallRules: [{5FA3E45A-E3FA-4A2A-8F03-1DCEC1642217}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{3C498E67-1970-4B62-A803-FA3D714B2A4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common
 
\Borderlands\Binaries\Borderlands.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2015 05:29:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.8.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9b0
 
Start Time: 01d0d7a15cf863f4
 
Termination Time: 2
 
Application Path: C:\Users\Cole\Desktop\FRST64.exe
 
Report Id:
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2015 05:13:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.]

Error: (08/15/2015 05:09:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2015 03:55:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/15/2015 06:34:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (08/15/2015 06:01:19 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{72FF6468-055A-4F73-A82C-2D07180E6C8E}.
The backup browser is stopping.

Error: (08/15/2015 05:23:39 PM) (Source: DCOM) (EventID: 10016) (User: panicstation)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}panicstationColeS-1-5-21-2934070568-3600879968-1804549010-1001LocalHost (Using LRPC)

Error: (08/15/2015 05:23:39 PM) (Source: DCOM) (EventID: 10016) (User: panicstation)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}panicstationColeS-1-5-21-2934070568-3600879968-1804549010-1001LocalHost (Using LRPC)

Error: (08/15/2015 05:23:39 PM) (Source: DCOM) (EventID: 10016) (User: panicstation)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}panicstationColeS-1-5-21-2934070568-3600879968-1804549010-1001LocalHost (Using LRPC)

Error: (08/15/2015 05:23:39 PM) (Source: DCOM) (EventID: 10016) (User: panicstation)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}panicstationColeS-1-5-21-2934070568-3600879968-1804549010-1001LocalHost (Using LRPC)

Error: (08/15/2015 05:23:39 PM) (Source: DCOM) (EventID: 10016) (User: panicstation)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}panicstationColeS-1-5-21-2934070568-3600879968-1804549010-1001LocalHost (Using LRPC)
 
Error: (08/15/2015 05:22:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OraStream Service service failed to start due to the following error: 
%%2
 
Error: (08/15/2015 05:19:18 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (08/15/2015 05:15:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
Microsoft Office:
=========================
Error: (08/15/2015 05:29:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.8.2015.19b001d0d7a15cf863f42C:\Users\Cole\Desktop\FRST64.exe
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (08/15/2015 05:23:39 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
 
Error: (08/15/2015 05:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2015 05:13:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/15/2015 05:09:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2015 03:55:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 8074.31 MB
Available physical RAM: 2366.2 MB
Total Virtual: 16146.82 MB
Available Virtual: 8161.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:670.82 GB) (Free:121.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9EA8A053)
Partition 1: (Not Active) - (Size=32 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=670.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)
 
==================== End of log ============================
 
 
Thanks.

 




#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, two programmes to run.

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a] => C:\52e436a2\52e436a2.exe
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a2] => C:\Users\Cole\AppData\Roaming\52e436a2.exe
S2 OraStream Service; C:\Windows\Installer\MSI5382.tmp [X]
2015-08-14 22:58 - 2015-08-14 22:59 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-08-15 20:32 - 2014-10-23 22:05 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieUserList
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieSiteList
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\qwave.dll (roosoraiotprcifnCotM) <==== ATTENTION
C:\52e436a2
C:\Users\Cole\AppData\Roaming\52e436a2.exe
C:\Windows\Installer\MSI5382.tmp
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
  • 0
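
A way to triage the log that FRST writes after the Fix step, as an added example that is not part of the original posts or of FRST itself: the Python below sorts each result line into removed, moved, pending reboot or not found, so the entries that still need checking stand out. The function names are assumptions; the sample lines are copied from the fixlog posted in this thread.

```python
import re
from collections import Counter

# Sample input: lines copied from the fixlog quoted in this thread, including
# one echoed fixlist line ("fixlist content:") that must NOT count as a result.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a] => C:\52e436a2\52e436a2.exe
*****************

Restore point was successfully created.
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\52e436a => value removed successfully
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\52e436a2 => value removed successfully
OraStream Service => service removed successfully

"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Scheduled to move on reboot.

C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully.
C:\Users\Cole\AppData\Local\EmieUserList => moved successfully.
C:\Users\Cole\AppData\Local\EmieSiteList => moved successfully.
"HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
C:\52e436a2 => moved successfully.
"C:\Users\Cole\AppData\Roaming\52e436a2.exe" => File/Folder not found.
"C:\Windows\Installer\MSI5382.tmp" => File/Folder not found.
'''

# Outcome phrases as they appear on the right of " => " in the log above.
# "removed successfully" is tested before "moved successfully" because the
# former contains the latter as a substring.
OUTCOMES = [
    (re.compile(r"scheduled to move on reboot", re.I), "pending_reboot"),
    (re.compile(r"not found", re.I), "not_found"),
    (re.compile(r"\bremoved successfully", re.I), "removed"),
    (re.compile(r"\bmoved successfully", re.I), "moved"),
]


def parse_fixlog(text):
    """Return (target, status) for every result line in a fixlog.

    Lines without " => " (headers, banners) and lines whose right-hand side
    is not a known outcome (the echoed fixlist entries) are skipped.
    """
    results = []
    for line in text.splitlines():
        target, sep, outcome = line.partition(" => ")
        if not sep:
            continue
        # 'Could not move "X"' carries the target inside a sentence.
        target = re.sub(r"^Could not move\s+", "", target.strip()).strip('"')
        for pattern, status in OUTCOMES:
            if pattern.search(outcome):
                results.append((target, status))
                break
    return results


def summarize(results):
    """Count results per status."""
    return Counter(status for _, status in results)


def needs_follow_up(results):
    """Entries to re-check by hand.

    pending_reboot: confirm after the restart that the item is gone.
    not_found: nothing was at that path when the fix ran, so confirm it is
    absent rather than assuming the fix removed it.
    """
    return [(t, s) for t, s in results if s in ("pending_reboot", "not_found")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:15} {count}")
    print("\nRe-check after reboot / by hand:")
    for target, status in needs_follow_up(parsed):
        print(f"  [{status}] {target}")
```
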

#3
Martel

Martel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi, thanks so much for your expertise.

 

I ran TDSSKiller, and all it found as a "threat" was my wireless manager thing, which I "skipped" since it didn't give me the option to "cure" it.

 

Unfortunately, my computer rebooted at the end of the FRST64 process, which wiped the results log of TDSSKiller from the unsaved notepad file I had it in; I wasn't sure if I should have run it again afterwards, so I didn't.

 

Anyway, here's fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01

Ran by Cole (2015-08-16 12:56:14) Run:3
Running from C:\Users\Cole\Desktop
Loaded Profiles: Cole (Available Profiles: Cole)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a] => C:\52e436a2\52e436a2.exe
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\...\Run: [52e436a2] => C:\Users\Cole\AppData\Roaming\52e436a2.exe
S2 OraStream Service; C:\Windows\Installer\MSI5382.tmp [X]
2015-08-14 22:58 - 2015-08-14 22:59 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-08-15 20:32 - 2014-10-23 22:05 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieUserList
2015-07-22 05:15 - 2014-06-12 18:45 - 00000000 __SHD C:\Users\Cole\AppData\Local\EmieSiteList
CustomCLSID: HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\qwave.dll (roosoraiotprcifnCotM) <==== ATTENTION
C:\52e436a2
C:\Users\Cole\AppData\Roaming\52e436a2.exe
C:\Windows\Installer\MSI5382.tmp
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\52e436a => value removed successfully
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\52e436a2 => value removed successfully
OraStream Service => service removed successfully
 
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move:
 
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Scheduled to move on reboot.
 
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully.
C:\Users\Cole\AppData\Local\EmieUserList => moved successfully.
C:\Users\Cole\AppData\Local\EmieSiteList => moved successfully.
"HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
C:\52e436a2 => moved successfully.
"C:\Users\Cole\AppData\Roaming\52e436a2.exe" => File/Folder not found.
"C:\Windows\Installer\MSI5382.tmp" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2934070568-3600879968-1804549010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {2C82D67C-4400-447D-90BC-EE355398166F}.
Unable to cancel {EC7FA0B2-7557-4043-8906-F6193B25EEE3}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1.5 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-16 13:06:40)<=
 
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully
 
==== End of Fixlog 13:06:40 ====

 

My computer seems to be back to normal. During the past 10 minutes, no voice has asked me to type the numbers I hear, and RAM is only at about 40% usage as I write this.

 

Thanks again for solving this for me; I was worried I might have to completely re-install the OS. Cheers.


  • 0
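When reviewing a Fixlog like the one posted above, it helps to separate items that were actually removed from ones that were only scheduled, were already absent, or failed. The following is an added example, not part of the original thread or of FRST itself: a small Python triage of the log's result lines, run on an excerpt copied from the post; the function name and status labels are this example's own.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from this thread).
SAMPLE_FIXLOG = r'''
OraStream Service => service removed successfully
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Scheduled to move on reboot.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully.
"HKU\S-1-5-21-2934070568-3600879968-1804549010-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
C:\52e436a2 => moved successfully.
"C:\Users\Cole\AppData\Roaming\52e436a2.exe" => File/Folder not found.
Unable to cancel {2C82D67C-4400-447D-90BC-EE355398166F}.
Unable to cancel {EC7FA0B2-7557-4043-8906-F6193B25EEE3}.
0 out of 2 jobs canceled.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully
'''

# (pattern, status) pairs, checked in order; status labels are this example's own naming.
ITEM = r'"?(?P<item>.+?)"?'
OUTCOMES = [
    (re.compile(r'^Could not move "(?P<item>.+)" => Scheduled to move on reboot\.$'), "pending_reboot"),
    (re.compile(rf'^{ITEM} => Is moved successfully$'), "moved_after_reboot"),
    (re.compile(rf'^{ITEM} => File/Folder not found\.$'), "not_found"),
    (re.compile(rf'^{ITEM} => (?:value|key|service) removed successfully$'), "removed"),
    (re.compile(rf'^{ITEM} => moved successfully\.$'), "removed"),
    (re.compile(r'^Unable to cancel (?P<item>\{[0-9A-Fa-f-]+\})\.$'), "bits_job_not_cancelled"),
]
OPEN_STATUSES = {"pending_reboot", "bits_job_not_cancelled"}


def triage_fixlog(text):
    """Return (results, follow_up): final status per item, and items still open."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, status in OUTCOMES:
            match = pattern.match(line)
            if match:
                # Later lines win, so a post-reboot "Is moved successfully"
                # resolves an earlier "Scheduled to move on reboot" entry.
                results[match.group("item")] = status
                break
    follow_up = sorted(i for i, s in results.items() if s in OPEN_STATUSES)
    return results, follow_up


if __name__ == "__main__":
    results, follow_up = triage_fixlog(SAMPLE_FIXLOG)
    for item, status in results.items():
        print(f"{status:24} {item}")
    print("Needs follow-up:", follow_up)
```

On this excerpt the folder move is resolved by the post-reboot line, and the only open items are the two BITS jobs that `bitsadmin` reported it was unable to cancel.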

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK a few more checks to ensure that it really has gone

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here
  • 0

#5
Martel

    New Member

  • Topic Starter
  • Member
  • 3 posts

I just saw this, so sorry for the delay, but there doesn't seem to be much to report anyway.

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 8/19/2015
Scan Time: 6:17 PM
Logfile: scanlog.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.19.09
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cole
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352510
Time Elapsed: 8 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





