Possible Rootkit, trojan malware

Rootkit Malware someone controlled my pc


#1
archiep

    Member

  • 53 posts

I don't know how else to start this, but I witnessed my computer being remotely controlled. The user attempted to visit Amazon and try to steal some of my personal information; luckily I was there and took control of the situation, and the user stopped his movements. From that point on I proceeded to clear all my saved information (autofill saved passwords, cache of the browser that I'm using, which is Chrome), then I proceeded with the Panda Gold scan and it came up with nothing, so that is why I come here to seek professional help and hope that you guys can help me with this. If all else fails I shall go for a full reformat of my system, but before that I'm leaving these logs for you guys to look at. Thanks in advance.

-Archie

Farbar logs 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by Arc (administrator) on MASTACHIE (01-06-2016 23:28:23)
Running from C:\Users\Arc\Desktop
Loaded Profiles: Arc (Available Profiles: Arc)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Spotify Ltd) C:\Users\Arc\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Arc\AppData\Roaming\Spotify\Spotify.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Spotify Ltd) C:\Users\Arc\AppData\Roaming\Spotify\SpotifyCrashService.exe
(NVIDIA Corporation) C:\Users\Arc\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Spotify Ltd) C:\Users\Arc\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Spotify Ltd) C:\Users\Arc\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.94.111.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.94.111.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-23] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024 2015-09-09] (MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11336656 2016-03-16] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2016-02-16] (MSI)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [Spotify Web Helper] => C:\Users\Arc\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-30] (Spotify Ltd)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [Spotify] => C:\Users\Arc\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-05-30] (Spotify Ltd)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-05-19] (Overwolf LTD)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\MountPoints2: {321d2141-237e-11e6-8c21-d8cb8adfa151} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-03-15]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{031EFED1-9581-4E56-839E-602C12C6DE17}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1267418245-3742697258-4214093646-1000] ATTENTION => Default URLSearchHook is missing
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-11-23] ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Arc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Remove Google Redirection) - C:\Users\Arc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Arc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Arc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [241936 2016-04-27] (EasyAntiCheat Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [37328 2015-12-16] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4162512 2016-02-04] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162512 2016-02-04] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014160 2016-03-04] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2317264 2016-03-25] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2073040 2016-02-04] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [596944 2016-02-01] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-05-19] (Overwolf LTD)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [17720 2015-04-02] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [117808 2015-06-19] (Rivet Networks, LLC.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-27] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (Windows ® Win 7 DDK provider)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [125488 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-01 23:28 - 2016-06-01 23:28 - 00021706 _____ C:\Users\Arc\Desktop\FRST.txt
2016-06-01 23:26 - 2015-05-22 01:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-06-01 23:18 - 2016-06-01 23:28 - 00000000 ____D C:\FRST
2016-06-01 23:18 - 2016-06-01 23:19 - 00043356 _____ C:\Users\Arc\Downloads\FRST.txt
2016-06-01 23:18 - 2016-06-01 23:19 - 00041878 _____ C:\Users\Arc\Downloads\Addition.txt
2016-06-01 23:18 - 2016-06-01 23:18 - 02383872 _____ (Farbar) C:\Users\Arc\Desktop\FRST64.exe
2016-06-01 23:13 - 2016-06-01 23:13 - 03677248 _____ C:\Users\Arc\Downloads\AdwCleaner (1).exe
2016-06-01 23:09 - 2016-06-01 23:11 - 00000000 ____D C:\AdwCleaner
2016-06-01 23:09 - 2016-06-01 23:09 - 03677248 _____ C:\Users\Arc\Downloads\AdwCleaner.exe
2016-06-01 23:02 - 2016-06-01 23:02 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-06-01 23:02 - 2016-06-01 23:02 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-06-01 23:01 - 2016-06-01 23:02 - 00002193 _____ C:\Users\Public\Desktop\Panda GOLD Protection.lnk
2016-06-01 23:01 - 2016-06-01 23:01 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Panda Security
2016-06-01 23:01 - 2016-06-01 23:01 - 00000000 ____D C:\Users\Arc\AppData\LocalLow\pandasecuritytb
2016-06-01 23:01 - 2016-06-01 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda GOLD Protection
2016-06-01 23:01 - 2016-06-01 23:01 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2016-06-01 23:01 - 2016-06-01 23:01 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-06-01 23:00 - 2016-06-01 23:01 - 00000000 ____D C:\ProgramData\Panda Security
2016-06-01 23:00 - 2016-06-01 23:00 - 01872136 _____ (Panda Security, S.L.) C:\Users\Arc\Downloads\PANDAGL16.exe
2016-06-01 02:10 - 2016-06-01 02:10 - 00000000 ____D C:\Program Files (x86)\World_of_Tanks9.14
2016-06-01 01:51 - 2016-06-01 01:57 - 00000000 ____D C:\World_of_Tanks
2016-06-01 00:38 - 2016-06-01 00:38 - 00000769 _____ C:\Users\Arc\Desktop\World of Tanks.lnk
2016-06-01 00:38 - 2016-06-01 00:38 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-06-01 00:37 - 2016-06-01 00:37 - 04207600 _____ (Wargaming.net ) C:\Users\Arc\Downloads\WoT_internet_install_asia.exe
2016-06-01 00:27 - 2016-06-01 00:27 - 00008600 _____ C:\Users\Arc\Downloads\wot_9.15.8926_9.14.8320_client.wgpkg.torrent
2016-05-30 15:35 - 2016-05-30 15:36 - 55189266 _____ (soloviyko ) C:\Users\Arc\Downloads\SoloModPack_v0.9.15_U0.exe
2016-05-30 13:49 - 2016-05-30 14:02 - 416592246 _____ ( ) C:\Users\Arc\Downloads\GeeMod 0.9.15 Pre 2.exe
2016-05-27 13:33 - 2016-05-27 13:33 - 00000000 ____D C:\Users\Arc\AppData\Roaming\2K Sports
2016-05-27 13:30 - 2016-05-27 13:30 - 00000633 _____ C:\Users\Arc\Desktop\NBA 2K16.lnk
2016-05-27 13:30 - 2016-05-27 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K16
2016-05-27 13:19 - 2016-05-27 13:19 - 00000000 ____D C:\Users\Arc\AppData\Local\Disc_Soft_Ltd
2016-05-27 13:18 - 2016-05-27 13:19 - 00000000 ____D C:\Users\Arc\AppData\Roaming\DAEMON Tools Lite
2016-05-27 13:18 - 2016-05-27 13:18 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-05-27 13:18 - 2016-05-27 13:18 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-05-27 13:18 - 2016-05-27 13:18 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-05-27 13:18 - 2016-05-27 13:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-05-27 13:18 - 2016-05-27 13:18 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-05-26 22:49 - 2016-05-26 23:22 - 00000000 ____D C:\Users\Arc\Documents\Planetbase
2016-05-26 13:08 - 2016-06-01 23:26 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-26 13:08 - 2016-05-26 13:08 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-26 13:08 - 2016-05-19 19:11 - 06346688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-26 13:08 - 2016-05-19 19:11 - 00531904 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-26 13:08 - 2016-05-19 19:11 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-26 13:08 - 2016-05-19 18:45 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-26 13:08 - 2016-05-18 16:25 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
2016-05-26 13:08 - 2016-05-03 19:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-26 13:08 - 2016-05-03 19:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-26 13:08 - 2016-05-03 19:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-26 13:08 - 2016-05-03 19:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-26 13:07 - 2016-05-21 14:10 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-05-26 13:07 - 2016-05-21 14:10 - 00141256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-26 13:07 - 2016-05-21 14:10 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 31600696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 25372096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 21794064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 21336720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 19110968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 18138232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 17732936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 17236560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 16693208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 14293592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 13412408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-26 13:07 - 2016-05-20 00:01 - 10642728 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 08733096 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 03825384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 03447232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 03383448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 03001792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00984512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00911416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00770496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00501384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00476848 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-26 13:07 - 2016-05-20 00:01 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-26 13:07 - 2016-05-20 00:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-26 13:07 - 2016-05-20 00:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-26 12:57 - 2016-05-20 00:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-26 12:57 - 2016-05-20 00:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-26 12:49 - 2016-04-13 22:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-26 12:49 - 2016-04-13 22:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-26 12:49 - 2016-04-13 22:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-24 11:27 - 2016-05-24 11:27 - 00000000 ____D C:\Users\Arc\Documents\ANNO 1404 Venice
2016-05-24 10:22 - 2016-05-24 10:22 - 00000000 ____D C:\Users\Arc\Documents\Anno 1404
2016-05-24 05:56 - 2016-05-24 06:14 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Ubisoft
2016-05-24 05:55 - 2016-05-24 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1404 - Dawn of Discovery
2016-05-24 05:52 - 2016-05-24 05:55 - 00000000 ____D C:\Program Files (x86)\Anno 1404 - Dawn of Discovery
2016-05-24 05:27 - 2016-05-24 05:28 - 00000000 ____D C:\Users\Arc\Desktop\Retro Pixel
2016-05-24 04:52 - 2016-05-24 04:52 - 00000000 ____D C:\Users\Arc\AppData\LocalLow\FlyAnvil
2016-05-23 15:17 - 2016-05-30 14:06 - 00000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeeMod.lnk
2016-05-23 15:17 - 2016-05-30 14:06 - 00000983 _____ C:\Users\Public\Desktop\GeeMod.lnk
2016-05-23 15:13 - 2016-05-23 15:15 - 431078069 _____ ( ) C:\Users\Arc\Downloads\GeeMod 0.9.14.1 D.exe
2016-05-23 12:56 - 2016-05-23 12:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-05-22 12:11 - 2016-05-22 12:11 - 01906817 _____ C:\Users\Arc\Downloads\14580047743362_ussr_R19_IS-3_slough.wotreplay
2016-05-22 12:01 - 2016-05-22 12:01 - 00983676 _____ C:\Users\Arc\Downloads\14621382687611_usa_T67_karelia.wotreplay
2016-05-22 11:51 - 2016-05-22 11:51 - 01414349 _____ C:\Users\Arc\Downloads\14621383227121_usa_M40M43_malinovka.wotreplay
2016-05-22 11:37 - 2016-05-22 11:50 - 00000000 ____D C:\Users\Arc\AppData\Local\Ubisoft Game Launcher
2016-05-22 11:37 - 2016-05-22 11:37 - 00001205 _____ C:\Users\Arc\Desktop\Uplay.lnk
2016-05-22 11:37 - 2016-05-22 11:37 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-05-22 11:37 - 2016-05-22 11:37 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-05-22 11:36 - 2016-05-22 11:37 - 66409936 _____ (Ubisoft) C:\Users\Arc\Downloads\UplayInstaller.exe
2016-05-22 09:25 - 2016-06-01 13:53 - 00000000 ____D C:\Users\Arc\AppData\Roaming\vlc
2016-05-22 09:07 - 2016-05-22 09:07 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-22 09:07 - 2016-05-22 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-05-22 09:07 - 2016-05-22 09:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-05-22 09:06 - 2016-05-22 09:06 - 30503216 _____ C:\Users\Arc\Downloads\vlc-2.2.3-win32.exe
2016-05-19 05:25 - 2016-05-19 05:25 - 00002276 _____ C:\Users\Arc\Desktop\Skyrim (SKSE).lnk
2016-05-19 05:24 - 2016-05-19 05:24 - 00362812 _____ C:\Users\Arc\Downloads\skse_1_07_03_installer.exe
2016-05-19 04:58 - 2016-06-01 00:38 - 00000000 ____D C:\Games
2016-05-19 04:57 - 2016-05-19 04:57 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-05-19 04:57 - 2016-05-19 04:57 - 00000000 ____D C:\Users\Arc\Documents\Nexus Mod Manager
2016-05-19 04:57 - 2016-05-19 04:57 - 00000000 ____D C:\Users\Arc\AppData\Local\Black_Tree_Gaming
2016-05-19 04:57 - 2016-05-19 04:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-05-19 04:57 - 2016-05-19 04:57 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-05-19 04:56 - 2016-05-19 04:56 - 06359496 _____ (Black Tree Gaming ) C:\Users\Arc\Downloads\Nexus Mod Manager-0.61.23.exe
2016-05-19 04:53 - 2016-05-19 04:53 - 00001780 _____ C:\Users\Arc\Desktop\SkyrimLauncher - Shortcut.lnk
2016-05-18 22:56 - 2016-06-01 00:38 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-05-18 22:56 - 2016-05-18 22:56 - 00000000 ____D C:\ProgramData\Steam
2016-05-18 22:21 - 2016-05-24 02:51 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V - Skyrim - Legendary Edition
2016-05-18 22:21 - 2016-05-19 04:58 - 00000000 ____D C:\Users\Arc\AppData\Local\Skyrim
2016-05-18 22:21 - 2016-05-18 22:21 - 00002074 _____ C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim - Legendary Edition.lnk
2016-05-18 08:56 - 2016-05-18 08:56 - 00001675 _____ C:\Users\Public\Desktop\Rebel Galaxy.lnk
2016-05-11 03:31 - 2016-05-11 03:31 - 00001173 _____ C:\Users\Public\Desktop\MSI Command Center.lnk
2016-05-11 03:31 - 2013-02-08 11:04 - 00000000 _____ C:\RAMDiskImage.img
2016-05-05 10:16 - 2016-05-05 10:16 - 00015512 _____ C:\Users\Arc\Downloads\Simple Food And Water HUD V 0.2b-12-0-2.zip
2016-05-03 19:23 - 2016-05-03 19:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-03 19:22 - 2016-05-03 19:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 19:22 - 2016-05-03 19:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-01 23:26 - 2016-03-28 21:44 - 00000000 ____D C:\Users\Arc\AppData\Local\Overwolf
2016-06-01 23:26 - 2016-03-26 10:31 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Spotify
2016-06-01 23:26 - 2016-03-26 10:31 - 00000000 ____D C:\Users\Arc\AppData\Local\Spotify
2016-06-01 23:26 - 2016-03-15 04:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-01 23:26 - 2016-03-15 04:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 23:26 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-01 23:20 - 2009-07-13 21:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-01 23:20 - 2009-07-13 21:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-01 23:18 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 23:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-01 23:12 - 2009-07-13 21:45 - 00320456 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-01 23:01 - 2016-03-15 04:14 - 00060400 _____ C:\Users\Arc\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-01 22:44 - 2016-03-15 04:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-01 21:24 - 2016-04-18 03:27 - 00000000 ____D C:\Users\Arc\AppData\Roaming\tixati
2016-06-01 02:23 - 2016-03-16 14:44 - 00000000 ____D C:\Program Files (x86)\GeeMod
2016-06-01 00:26 - 2016-03-15 14:10 - 00000000 ____D C:\Users\Arc\AppData\Roaming\Wargaming.net
2016-05-31 22:21 - 2016-03-28 21:44 - 00000000 ____D C:\Users\Arc\AppData\Roaming\TS3Client
2016-05-31 11:44 - 2016-03-15 04:50 - 00000000 ____D C:\Users\Arc\AppData\Local\CrashDumps
2016-05-30 09:56 - 2016-03-28 13:53 - 00000000 ____D C:\Users\Arc\AppData\Roaming\NVIDIA
2016-05-29 13:46 - 2016-03-15 04:10 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-05-29 13:46 - 2016-03-15 04:10 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-05-29 13:46 - 2016-03-15 04:10 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-29 13:46 - 2016-03-15 04:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-28 07:52 - 2016-04-20 07:57 - 00001718 _____ C:\Windows\Sandboxie.ini
2016-05-28 07:52 - 2016-03-16 20:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-26 13:13 - 2016-03-15 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-26 13:09 - 2016-03-15 04:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-26 13:09 - 2016-03-15 04:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-26 13:08 - 2016-03-15 04:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-26 13:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-05-26 12:49 - 2016-03-15 04:38 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-26 12:49 - 2016-03-15 04:38 - 00000000 ____D C:\Users\Arc\AppData\Local\NVIDIA
2016-05-24 23:45 - 2016-03-28 21:45 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-05-22 14:02 - 2016-04-22 22:18 - 00000000 ____D C:\Users\Arc\Documents\My Games
2016-05-18 08:57 - 2016-04-10 17:20 - 00000000 ____D C:\GOG Games
2016-05-18 08:56 - 2016-04-10 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-05-18 08:56 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-17 21:07 - 2016-04-27 11:14 - 00000000 ____D C:\Users\Arc\AppData\Roaming\SpaceEngineers
2016-05-17 09:55 - 2016-03-15 23:57 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-05-14 11:15 - 2016-03-16 20:11 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-14 11:15 - 2016-03-16 20:11 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-11 06:17 - 2016-03-15 04:09 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-11 03:31 - 2016-03-15 04:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-05-11 03:31 - 2016-03-15 04:14 - 00000000 ____D C:\Program Files (x86)\MSI
2016-05-11 03:31 - 2016-03-15 04:14 - 00000000 ____D C:\MSI
2016-05-10 23:39 - 2016-03-15 04:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:39 - 2016-03-15 04:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2016-03-18 08:10 - 2016-03-18 08:10 - 0000017 _____ () C:\Users\Arc\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Arc\AppData\Local\Temp\bitool.dll
C:\Users\Arc\AppData\Local\Temp\Command Center.exe
C:\Users\Arc\AppData\Local\Temp\devcon64.exe
C:\Users\Arc\AppData\Local\Temp\DVDChangeDisc.exe
C:\Users\Arc\AppData\Local\Temp\libeay32.dll
C:\Users\Arc\AppData\Local\Temp\msvcr120.dll
C:\Users\Arc\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Arc\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Arc\AppData\Local\Temp\nvStInst.exe
C:\Users\Arc\AppData\Local\Temp\sqlite3.dll
C:\Users\Arc\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Arc\AppData\Local\Temp\{90E402AA-5E6E-40D7-BFED-EE18312267D9}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-28 14:13
 
==================== End of FRST.txt ============================
 
 
 
Farbar addition Log
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Arc (2016-06-01 23:28:34)
Running from C:\Users\Arc\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-15 11:06:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1267418245-3742697258-4214093646-500 - Administrator - Disabled)
Arc (S-1-5-21-1267418245-3742697258-4214093646-1000 - Administrator - Enabled) => C:\Users\Arc
Guest (S-1-5-21-1267418245-3742697258-4214093646-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda GOLD Protection (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda GOLD Protection (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Anno 1404 - Dawn of Discovery version 1.3 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.3 - )
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
Bridge! 2 (HKLM\...\YnJpZGdlMg_is1) (Version: 1 - )
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
EVGA PrecisionX 16 (HKLM\...\Steam App 268850) (Version:  - EVGA)
GeeMod version GeeMod 0.9.15 Pre 2 (HKLM-x32\...\{5223D8A4-4BF4-44D0-8319-42DC272ED838}_is1) (Version: GeeMod 0.9.15 Pre 2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.12 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 5.0.0.27 - MSI)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{236e0932-2039-4fba-9df8-2d67de8f730f}) (Version: 5.1.2.100 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 5.1.2.100 - Intel Corporation) Hidden
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.014 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.11 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.02 - MSI)
NBA 2K16 (HKLM-x32\...\NBA 2K16_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
One Troll Army (HKLM\...\Steam App 438680) (Version:  - FlyAnvil)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.94.111.0 - Overwolf Ltd.)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda GOLD Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security)
Panda GOLD Protection (Version: 8.21.00 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.15 - Panda Security and Visicom Media Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM-x32\...\1435582019_is1) (Version: 2.0.0.1 - GOG.com)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Solo's ModPack for World of Tanks (HKLM-x32\...\{547468D0-A0E7-4EDD-8C5F-39CCB4DD9343}_is1) (Version: 9.15 - soloviyko)
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.08 - Creative Technology Limited)
Space Engineers (HKLM\...\Steam App 244850) (Version:  - Keen Software House)
Spotify (HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\Spotify) (Version: 1.0.29.92.g67727800 - Spotify AB)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.2.0.4 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
The Elder Scrolls V: Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V: Skyrim - Legendary Edition_is1) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 19.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
World of Tanks (HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812asia}_is1) (Version:  - Wargaming.net)
XSplit Gamecaster (HKLM-x32\...\{D7BEC6E9-5E86-44FF-AA21-23DA71ED676B}) (Version: 2.4.1506.1243 - SplitmediaLabs)
XVM version 6.2.1.2 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.2.1.2 - XVM team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1FADFA6D-2ABA-43DC-8511-A7E675AEB976} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {3FAA3626-8E19-48B8-85B5-D0D3725C3F95} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {805673AD-3BA3-48C5-BF50-B8F759B2DE95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {981DC40A-2229-4C0D-B90C-E96B443F8111} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {DF304282-7262-4DC9-868C-DBE69C633480} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-05-19] (Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-26 13:08 - 2016-05-19 19:11 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-15 04:30 - 2015-05-29 17:57 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2016-03-15 04:30 - 2015-05-29 17:56 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-02-17 16:01 - 2016-02-17 16:01 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-02-17 16:01 - 2016-02-17 16:01 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-03-15 04:48 - 2016-05-01 22:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-11 16:00 - 2016-05-01 22:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-15 04:48 - 2016-05-01 22:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-15 04:48 - 2016-05-01 22:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-11 16:00 - 2016-05-01 22:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-11 16:00 - 2016-05-01 22:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-11 16:00 - 2016-05-01 22:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-15 04:48 - 2016-05-01 22:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-11 16:00 - 2016-05-01 22:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-11 16:00 - 2016-05-01 22:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-15 04:38 - 2016-05-01 23:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-15 04:38 - 2016-04-29 13:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-03-15 04:38 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-03-15 04:38 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-03-15 04:38 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-03-15 04:38 - 2016-04-29 17:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-03-15 04:38 - 2016-02-08 16:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-03-15 04:38 - 2016-02-08 16:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-03-15 04:38 - 2016-02-08 16:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-03-15 04:38 - 2016-02-08 16:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-03-15 04:38 - 2016-02-08 16:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-03-15 04:38 - 2016-04-29 17:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-15 04:38 - 2016-02-17 15:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-26 10:31 - 2016-05-30 08:51 - 47503472 _____ () C:\Users\Arc\AppData\Roaming\Spotify\libcef.dll
2016-05-19 03:46 - 2016-05-19 03:46 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.94.111.0\CoreAudioApi.dll
2016-05-19 03:46 - 2016-05-19 03:46 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.94.111.0\libcef.DLL
2016-05-19 03:46 - 2016-05-19 03:46 - 00262656 _____ () C:\Program Files (x86)\Overwolf\0.94.111.0\OpenHardwareMonitorLib.dll
2016-03-15 04:30 - 2015-05-29 17:56 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2016-03-15 04:30 - 2015-05-29 17:54 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-04-06 07:23 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2015-12-15 10:17 - 2015-12-15 10:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-26 10:31 - 2016-05-30 08:51 - 01584240 _____ () C:\Users\Arc\AppData\Roaming\Spotify\libglesv2.dll
2016-03-26 10:31 - 2016-05-30 08:51 - 00082032 _____ () C:\Users\Arc\AppData\Roaming\Spotify\libegl.dll
2016-03-15 04:38 - 2016-04-27 18:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-03-15 04:23 - 2016-03-07 19:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 04:23 - 2016-03-07 19:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1267418245-3742697258-4214093646-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Arc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1A3C129A-CDA9-4B7E-9EBB-3F12271615F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C53A99D0-AE55-4C0A-B1EC-BAC47B808696}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DFC57D12-C1EF-42B7-9DA3-9D60432421C6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A7F85393-4B7F-4280-A6F2-4644DF64D8FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02F1CFE1-8290-45F3-B370-EC87937D861E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CD7AB6DE-EDEF-42B8-BA25-E23E1BE988DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C50811-7209-4D32-B7E7-A655A0A29073}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AE11D8C5-2249-49E3-B9EE-DF28AB51ADAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{274F9AA5-F481-49B1-AF2B-D220D32F71B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6D6481AF-CEC6-4B84-BC2E-10357E960BB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B2BBA81-548C-4230-9E2C-73BFD0139374}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C05AFB7E-2F21-47B2-8C19-850326E7A306}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9940A988-2A95-4B0D-BC2A-2E6046D8692D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{53006F1A-7172-47CB-9CD0-5943395EF31A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{25740937-DDA9-4B04-B5C7-B0006035A2FF}F:\world_of_tanks9.14\worldoftanks.exe] => (Allow) F:\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [UDP Query User{C3141228-2A6F-4BF1-840C-68922A1A60D9}F:\world_of_tanks9.14\worldoftanks.exe] => (Allow) F:\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [TCP Query User{0FF54AC1-5DEB-4E2C-9E30-AED5056284B3}C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [UDP Query User{B1F30188-D7D3-43B8-ABFA-11B27C181F98}C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [TCP Query User{9F9A748D-6483-4F8F-87E9-808B86DC3103}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{6800A260-83FF-4027-957F-1B5A8253AA8D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{D8593815-1A56-40CF-A9A2-325D7CD4E5A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{C9739606-D9E2-4B97-AE0E-B525FF4A6B06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{005E3195-15F2-4061-B475-A8244BCCA4A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{D4816D2B-4205-40B0-B4FF-A893397D5CCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [TCP Query User{03BA674D-0199-40A6-8D1F-510303A6D3A0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DA006301-262A-4FB1-9458-2672B7EE365F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{795DE68D-A9AC-46E1-BB85-736C83241085}C:\program files (x86)\world_of_tanks9.14\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\wotlauncher.exe
FirewallRules: [UDP Query User{046E13F3-894F-43D9-A381-41E453A697DC}C:\program files (x86)\world_of_tanks9.14\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\wotlauncher.exe
FirewallRules: [TCP Query User{DED341C8-6FEF-4813-9266-9D3663309F63}C:\users\arc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\arc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CB97E01F-2673-44FE-B541-C5C646CA316C}C:\users\arc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\arc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{37910C61-2775-4A9D-857F-909077FA8578}C:\users\arc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\arc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{969BBA19-CB75-49ED-B715-6E28471A7630}C:\users\arc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\arc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{EAE4890F-D4AA-42C7-A719-87FC4BE79C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{FF0AA9D3-F94B-4466-8358-D9E399EB8737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [TCP Query User{2A62E163-5488-48DD-8E83-0AAFDB5F0C0B}C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [UDP Query User{BCDC9D51-4AE5-4F1D-B6AD-46E9E270F4C2}C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks9.14\worldoftanks.exe
FirewallRules: [{3042210A-6EEC-4600-BFD7-0C2860DD43E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{0345794C-DFF5-4922-BA70-A9D420F11AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{C0C1453F-B852-4C63-B352-D990F825367F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{8D830137-2146-49C7-A71E-AF6B9CCB289E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{C76B6381-AB71-4E34-8D9E-0EB364336530}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{FD4F8236-02DB-43F8-9454-F206D28A6A6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{76455814-AA29-4E95-A5F1-B72431079E8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{A3947EBE-C134-4020-8739-7C54998B32E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{C1A0B289-D146-406D-84F9-63B60D3F5B56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{4DBBB84D-8450-42D9-AC2A-9C8112C92CB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{9B413CEF-BAB5-426D-9CA8-A22908F01267}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2F43333-81F9-4836-B0A6-6370E69B4C6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4372003C-688F-465B-9918-036F5F9A54AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A09175BC-A7BB-41AC-B2DB-3CCBD08EFB81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D5611193-72B0-4186-905B-4B627FEE06FF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{A20C2052-E8BC-4E96-BF22-86E7BC8FD8F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneTrollArmy\OTA.exe
FirewallRules: [{816B4734-E3DA-4462-8EF5-6B1A46DC91C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneTrollArmy\OTA.exe
FirewallRules: [{9237827B-5A2C-4461-965C-0E4F6C1F7BCC}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{250B9DA3-ED53-4A64-8F3E-00072C3D6364}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{921C3B2D-905A-414C-A334-04213263402D}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{04E1A861-D506-48CA-9091-8AD9794A74C5}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
 
==================== Restore Points =========================
 
18-05-2016 08:56:19 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
18-05-2016 08:56:28 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
22-05-2016 14:01:10 Installed DirectX
22-05-2016 14:01:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
27-05-2016 13:18:34 Device Driver Package Install: Disc Soft Ltd Storage controllers
27-05-2016 13:18:46 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2016 10:58:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/01/2016 10:04:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/31/2016 03:18:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/31/2016 11:44:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DxDiag.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc310
Faulting module name: dinput8.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9c1
Exception code: 0xc0000005
Fault offset: 0x0001cba2
Faulting process id: 0x1d4
Faulting application start time: 0xDxDiag.exe0
Faulting application path: DxDiag.exe1
Faulting module path: DxDiag.exe2
Report Id: DxDiag.exe3
 
Error: (05/30/2016 03:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0x20c8
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
Error: (05/30/2016 03:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0x1d40
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
Error: (05/30/2016 03:13:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0x1ac4
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
Error: (05/30/2016 03:10:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0xd2c
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
Error: (05/30/2016 03:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0x15e0
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
Error: (05/30/2016 03:08:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Faulting module name: WorldOfTanks.exe, version: 0.9.15.0, time stamp: 0x573c43d9
Exception code: 0xc0000005
Fault offset: 0x00369893
Faulting process id: 0x18f4
Faulting application start time: 0xWorldOfTanks.exe0
Faulting application path: WorldOfTanks.exe1
Faulting module path: WorldOfTanks.exe2
Report Id: WorldOfTanks.exe3
 
 
System errors:
=============
Error: (06/01/2016 11:11:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The panda_url_filtering Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 11:11:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Extreme Tuning Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/01/2016 11:11:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 11:11:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/01/2016 11:11:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-18 08:05:07.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-18 08:05:07.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-18 08:05:01.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-18 08:05:01.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:58:18.446
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:58:18.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:58:14.450
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:58:14.450
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:57:29.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-15 23:57:29.688
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 16329.45 MB
Available physical RAM: 13097.41 MB
Total Virtual: 32657.11 MB
Available Virtual: 29014.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.13 GB) (Free:171.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:912.7 GB) (Free:800.43 GB) NTFS
Drive x: (PONY) (Removable) (Total:15.22 GB) (Free:13.82 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 8E648704)
Partition 1: (Active) - (Size=447.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ED8A50F5)
Partition 1: (Not Active) - (Size=912.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 15.2 GB) (Disk ID: 06ABA360)
Partition 1: (Not Active) - (Size=15.2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
 
 
Once again, thanks for the time and effort. Much help is appreciated.

 




#2
RKinner

    Malware Expert


Did you install TeamViewer on 2016-05-28 at 07:52?

 

2016-05-28 07:52 - 2016-03-16 20:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer

 

It's in the uninstall list so you should be able to uninstall it.  TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)  

 

I don't see anything else that could do it.



#3
archiep

    Member


That was my first hunch, but the only one that had access to my machine was my other PC in the same room. But yeah, I suppose I could uninstall it just to be on the safe side. When TeamViewer is active there is a notification that you're being controlled; this activity was not like TeamViewer at all, and that's why it spooked me.


Edited by archiep, 03 June 2016 - 01:04 AM.
