TechSpot

Malware running ads in background, Windows 7.

By goatmaster
Aug 9, 2016
  1. Here are the logs, sorry if I paste them wrong; this is new to me.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2016 01
    Ran by maxwell (administrator) on MAXWELL-PC (09-08-2016 18:06:03)
    Running from C:\Users\maxwell\Downloads
    Loaded Profiles: maxwell (Available Profiles: maxwell)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    () C:\Users\maxwell\AppData\Local\bivouac.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKU\S-1-5-21-682013197-156404839-2631474202-1000\...\Run: [attacking] => "C:\Program Files (x86)\activist\attacking.exe"
    HKU\S-1-5-21-682013197-156404839-2631474202-1000\...\Run: [adeptness] => "C:\Program Files (x86)\hoover\bivouac.exe"

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
    Tcpip\..\Interfaces\{56BF43BC-DCBF-4586-A006-7535EF99AC8F}: [DhcpNameServer] 71.10.216.1 71.10.216.2
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-682013197-156404839-2631474202-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR Profile: C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-06]
    CHR Extension: (Duolingo on the Web) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-08-06]
    CHR Extension: (Google Docs) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
    CHR Extension: (Google Drive) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
    CHR Extension: (YouTube) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
    CHR Extension: (Adblock Plus) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-06]
    CHR Extension: (Netflix) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-08-06]
    CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-08-06]
    CHR Extension: (APNG) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2016-08-06]
    CHR Extension: (Gmail Offline) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-08-06]
    CHR Extension: (Box) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2016-08-06]
    CHR Extension: (Google Apps Script) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2016-08-06]
    CHR Extension: (Google Sheets) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-06]
    CHR Extension: (Cloud Internet Explorer by Ericom) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gahjiajfldfkbglaegkndeccohnpcoce [2016-08-06]
    CHR Extension: (Google Docs Offline) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
    CHR Extension: (MagicScroll eBook Reader) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2016-08-06]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-08-06]
    CHR Extension: (Steambirds: Survival) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2016-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
    CHR Extension: (imo free video calls and text) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2016-08-06]
    CHR Extension: (Gmail) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
    CHR Extension: (Chrome Media Router) - C:\Users\maxwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-06]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-09] (Malwarebytes)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-08-06] (Duplex Secure Ltd.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========
     
  2. goatmaster

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-09 18:06 - 2016-08-09 18:06 - 00012451 _____ C:\Users\maxwell\Downloads\FRST.txt
    2016-08-09 18:05 - 2016-08-09 18:06 - 00000000 ____D C:\FRST
    2016-08-09 18:05 - 2016-08-09 18:05 - 02393600 _____ (Farbar) C:\Users\maxwell\Downloads\FRST64.exe
    2016-08-09 12:40 - 2016-08-09 12:40 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\.mono
    2016-08-09 12:40 - 2016-08-09 12:40 - 00000000 ____D C:\Users\maxwell\AppData\LocalLow\Blizzard Entertainment
    2016-08-09 12:40 - 2016-08-09 12:40 - 00000000 ____D C:\Users\maxwell\AppData\Local\Blizzard
    2016-08-09 12:40 - 2016-08-09 12:40 - 00000000 ____D C:\ProgramData\.mono
    2016-08-09 12:36 - 2016-08-09 12:36 - 00001191 _____ C:\Users\Public\Desktop\Hearthstone.lnk
    2016-08-09 12:36 - 2016-08-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
    2016-08-09 12:32 - 2016-08-09 12:36 - 00000000 ____D C:\Program Files (x86)\Hearthstone
    2016-08-08 20:53 - 2016-08-08 20:53 - 00000219 _____ C:\Users\maxwell\Desktop\Counter-Strike Global Offensive.url
    2016-08-06 20:02 - 2016-08-06 20:22 - 00000000 ____D C:\Users\maxwell\Documents\Overwatch
    2016-08-06 20:01 - 2016-08-06 20:01 - 00001104 _____ C:\Users\Public\Desktop\Overwatch.lnk
    2016-08-06 20:01 - 2016-08-06 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
    2016-08-06 18:39 - 2016-08-06 01:34 - 00319488 _____ C:\Users\maxwell\AppData\Local\bivouac.exe
    2016-08-06 18:39 - 2015-06-26 15:08 - 00294400 _____ (CodePlex Community) C:\Users\maxwell\AppData\Local\Microsoft.Win32.TaskScheduler.dll
    2016-08-06 16:22 - 2016-08-09 12:40 - 00000000 ____D C:\Program Files (x86)\Overwatch
    2016-08-06 16:22 - 2016-08-06 16:22 - 00000000 ____D C:\Windows\pss
    2016-08-06 15:00 - 2016-08-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-08-06 15:00 - 2016-07-10 18:36 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2016-08-06 14:53 - 2016-08-06 14:56 - 357682568 _____ (NVIDIA Corporation) C:\Users\maxwell\Downloads\368.81-desktop-win8-win7-winvista-64bit-international-whql (1).exe
    2016-08-06 14:49 - 2016-08-06 14:49 - 00002978 _____ C:\Windows\System32\Tasks\{F4041FC3-56B5-4D26-BFA9-BFAC0821E0FC}
    2016-08-06 14:49 - 2016-08-06 14:49 - 00002978 _____ C:\Windows\System32\Tasks\{63524FE6-ED8B-4192-8C9E-E81898119E1A}
    2016-08-06 14:44 - 2016-08-09 16:38 - 00000000 ____D C:\67ced18b3736b6345321406006b4c21c
    2016-08-06 14:44 - 2016-08-06 14:44 - 00002978 _____ C:\Windows\System32\Tasks\{381B06B7-9165-4BA5-9A2E-3B5E9C936199}
    2016-08-06 14:44 - 2016-08-06 14:44 - 00000000 ____D C:\6fd532d5ac53de3d7950773877cb207d
    2016-08-06 14:36 - 2016-08-06 14:36 - 00002978 _____ C:\Windows\System32\Tasks\{F65D3A1B-DDD2-4224-9F80-D13870982118}
    2016-08-06 14:35 - 2016-08-06 14:35 - 00002978 _____ C:\Windows\System32\Tasks\{312C0515-4A0A-4564-879A-FA9E220A9331}
    2016-08-06 14:17 - 2016-08-06 14:17 - 00000000 ____D C:\b7231f3d967fd7acb2cb2aa7806f765d
    2016-08-06 14:17 - 2016-08-06 14:17 - 00000000 ____D C:\194221aa00d17389e2de
    2016-08-06 14:09 - 2016-08-06 14:09 - 00000000 ____D C:\Users\maxwell\AppData\Local\CrashDumps
    2016-08-06 14:07 - 2016-08-06 14:07 - 00889416 _____ (Microsoft Corporation) C:\Users\maxwell\Downloads\dotNetFx40_Full_setup (1).exe
    2016-08-06 14:07 - 2016-08-06 14:07 - 00002978 _____ C:\Windows\System32\Tasks\{BCB03BF3-F0AC-43CE-A8A3-2C259EF41CF1}
    2016-08-06 14:07 - 2016-08-06 14:07 - 00002978 _____ C:\Windows\System32\Tasks\{4C79C3D9-E81E-4B70-96F1-294C0FD5A0F2}
    2016-08-06 14:04 - 2016-08-06 14:04 - 00002978 _____ C:\Windows\System32\Tasks\{F709FB80-20EE-4C08-9A4B-7D434B397CE0}
    2016-08-06 14:02 - 2016-08-06 14:02 - 00002978 _____ C:\Windows\System32\Tasks\{B86FDC99-D89C-437B-B339-BF12F61267DA}
    2016-08-06 14:02 - 2016-08-06 14:02 - 00002978 _____ C:\Windows\System32\Tasks\{8DD915B0-2CA1-470E-B7A9-85483CE7AEC5}
    2016-08-06 13:09 - 2016-08-06 13:09 - 00000000 ____D C:\af1aef37c0cae5a8362e723dfcd8009e
    2016-08-06 13:09 - 2016-08-06 13:09 - 00000000 ____D C:\65032ac901d75860e011b93c86c0
    2016-08-06 12:42 - 2016-08-06 12:44 - 00141726 _____ C:\Windows\ntbtlog.txt
    2016-08-06 12:36 - 2016-08-06 12:36 - 00000000 ____D C:\47ea09d815c0fa653ca79fa4dd4667bf
    2016-08-06 12:30 - 2016-08-06 12:33 - 00000000 ____D C:\b0ef74aa374d83897b
    2016-08-06 12:27 - 2016-08-06 13:57 - 00000000 ____D C:\Users\maxwell\Downloads\dotnetfx_cleanup_tool
    2016-08-06 12:27 - 2016-08-06 12:27 - 00267049 _____ C:\Users\maxwell\Downloads\dotnetfx_cleanup_tool.zip
    2016-08-06 12:18 - 2016-08-06 12:18 - 00000000 ____D C:\8fb8469670c61b7daca3c2c04370f975
    2016-08-06 12:09 - 2016-08-06 12:09 - 00000000 ____D C:\Users\maxwell\AppData\Local\NVIDIA
    2016-08-06 11:55 - 2016-08-06 11:55 - 00889416 _____ (Microsoft Corporation) C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe
    2016-08-06 11:54 - 2016-08-09 17:34 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-08-06 11:54 - 2016-07-10 22:13 - 01887800 _____ (NVIDIA Corporation) C:\Windows\system32\NvCamera64.dll
    2016-08-06 11:54 - 2016-07-10 22:13 - 01595840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvCamera32.dll
    2016-08-06 11:51 - 2016-08-06 15:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-08-06 11:51 - 2016-08-06 11:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-08-06 11:51 - 2016-08-06 11:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2016-08-06 11:51 - 2016-07-10 19:17 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 02465848 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 01364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2016-08-06 11:51 - 2016-07-10 19:17 - 00547896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2016-08-06 11:51 - 2016-07-10 19:17 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2016-08-06 11:51 - 2016-07-07 13:03 - 07211925 _____ C:\Windows\system32\nvcoproc.bin
    2016-08-06 11:50 - 2016-08-06 11:53 - 00000000 ____D C:\ProgramData\Package Cache
    2016-08-06 11:49 - 2016-07-15 14:15 - 01579976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2016-08-06 11:49 - 2016-07-15 14:15 - 00214592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2016-08-06 11:49 - 2016-07-15 14:15 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 31640512 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 25414080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 19220352 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 17321352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 16790552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 14371384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 13581880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2016-08-06 11:49 - 2016-07-10 22:13 - 10691632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 10656112 _____ C:\Windows\system32\nvptxJitCompiler.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 10234336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 09020656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 08742360 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 08615336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 03840096 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 03542072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 03393576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 03099072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 01939000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436881.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436881.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 01001016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00930360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00909880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00852024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00694672 _____ C:\Windows\system32\nvfatbinaryLoader.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00583736 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00490744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00406064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2016-08-06 11:49 - 2016-07-10 22:13 - 00039124 _____ C:\Windows\system32\nvinfo.pb
    2016-08-06 11:49 - 2016-07-10 22:13 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
    2016-08-06 11:49 - 2016-07-10 22:13 - 00000594 _____ C:\Windows\system32\nv-vk64.json
    2016-08-06 11:47 - 2016-08-06 11:47 - 00000000 ____D C:\NVIDIA
    2016-08-06 11:44 - 2016-08-06 11:47 - 357682568 _____ (NVIDIA Corporation) C:\Users\maxwell\Downloads\368.81-desktop-win8-win7-winvista-64bit-international-whql.exe
    2016-08-06 11:42 - 2016-08-06 11:42 - 00000000 ____D C:\Windows\system32\appmgmt
    2016-08-06 11:37 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2016-08-06 11:37 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2016-08-06 11:37 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2016-08-06 11:37 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2016-08-06 11:37 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2016-08-06 11:37 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2016-08-06 11:37 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2016-08-06 11:37 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2016-08-06 11:37 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2016-08-06 11:37 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2016-08-06 11:37 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2016-08-06 11:37 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2016-08-06 11:37 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2016-08-06 11:37 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2016-08-06 11:37 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2016-08-06 11:37 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2016-08-06 11:37 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2016-08-06 11:37 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2016-08-06 11:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2016-08-06 11:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2016-08-06 11:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2016-08-06 11:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2016-08-06 11:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2016-08-06 11:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2016-08-06 11:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2016-08-06 11:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2016-08-06 11:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2016-08-06 11:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2016-08-06 11:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2016-08-06 11:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2016-08-06 11:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2016-08-06 11:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2016-08-06 11:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2016-08-06 11:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2016-08-06 11:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2016-08-06 11:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2016-08-06 11:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2016-08-06 11:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2016-08-06 11:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2016-08-06 11:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2016-08-06 11:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2016-08-06 11:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2016-08-06 11:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2016-08-06 11:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2016-08-06 11:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2016-08-06 11:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2016-08-06 11:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2016-08-06 11:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2016-08-06 11:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2016-08-06 11:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2016-08-06 11:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2016-08-06 11:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2016-08-06 11:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2016-08-06 11:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2016-08-06 11:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2016-08-06 11:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2016-08-06 11:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2016-08-06 11:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2016-08-06 11:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2016-08-06 11:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2016-08-06 11:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2016-08-06 11:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2016-08-06 11:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2016-08-06 11:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2016-08-06 11:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2016-08-06 11:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2016-08-06 11:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2016-08-06 11:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2016-08-06 11:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2016-08-06 11:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2016-08-06 11:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2016-08-06 11:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2016-08-06 11:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2016-08-06 11:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2016-08-06 11:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2016-08-06 11:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2016-08-06 11:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2016-08-06 11:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2016-08-06 11:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2016-08-06 11:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2016-08-06 11:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2016-08-06 11:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2016-08-06 11:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2016-08-06 11:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2016-08-06 11:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2016-08-06 11:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2016-08-06 11:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2016-08-06 11:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2016-08-06 11:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2016-08-06 11:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2016-08-06 11:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2016-08-06 11:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2016-08-06 11:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2016-08-06 11:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2016-08-06 11:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2016-08-06 11:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2016-08-06 11:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2016-08-06 11:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2016-08-06 11:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2016-08-06 11:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2016-08-06 11:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2016-08-06 11:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2016-08-06 11:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2016-08-06 11:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2016-08-06 11:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2016-08-06 11:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2016-08-06 11:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2016-08-06 11:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2016-08-06 11:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2016-08-06 11:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2016-08-06 11:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2016-08-06 11:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2016-08-06 11:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2016-08-06 11:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2016-08-06 11:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2016-08-06 11:28 - 2016-08-06 11:28 - 00000000 ____D C:\77c44156bde1881f9232e5ce406a9e7e
    2016-08-06 11:28 - 2016-08-06 11:28 - 00000000 ____D C:\37ee4381050333e4de41f9c342401de0
    2016-08-06 11:28 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2016-08-06 11:28 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2016-08-06 11:28 - 2016-04-14 01:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2016-08-06 11:27 - 2016-08-06 11:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-08-06 11:27 - 2016-08-06 11:27 - 00000000 ____D C:\Users\maxwell\AppData\Local\Blizzard Entertainment
    2016-08-06 11:27 - 2016-08-06 11:27 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2016-08-06 11:26 - 2016-08-09 12:50 - 00000000 ____D C:\Users\maxwell\AppData\Local\Battle.net
    2016-08-06 11:26 - 2016-08-06 11:27 - 44984120 _____ (NVIDIA Corporation) C:\Users\maxwell\Downloads\GeForce_Experience_v2.11.4.0.exe
    2016-08-06 11:26 - 2016-08-06 11:26 - 00001154 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2016-08-06 11:26 - 2016-08-06 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2016-08-06 11:25 - 2016-08-06 11:25 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\ATI
    2016-08-06 11:25 - 2016-08-06 11:25 - 00000000 ____D C:\Users\maxwell\AppData\Local\ATI
    2016-08-06 11:25 - 2016-08-06 11:25 - 00000000 ____D C:\Users\maxwell\AppData\Local\AMD
    2016-08-06 11:25 - 2016-08-06 11:25 - 00000000 ____D C:\ProgramData\ATI
    2016-08-06 11:24 - 2016-08-09 12:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-08-06 11:24 - 2016-08-06 11:27 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\Battle.net
    2016-08-06 11:23 - 2016-08-06 11:24 - 00000000 ____D C:\ProgramData\Battle.net
    2016-08-06 11:23 - 2016-08-06 11:23 - 03012080 _____ (Blizzard Entertainment) C:\Users\maxwell\Downloads\Battle.net-Setup.exe
    2016-08-06 03:53 - 2016-08-06 03:53 - 00008192 __RSH C:\BOOTSECT.BAK
    2016-08-06 03:53 - 2016-08-06 00:05 - 00000000 ____D C:\Windows\Panther
    2016-08-06 03:53 - 2010-11-20 23:23 - 00383786 __RSH C:\bootmgr
    2016-08-06 03:03 - 2016-08-06 03:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2016-08-06 02:57 - 2016-08-06 02:36 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2016-08-06 02:57 - 2016-08-06 02:36 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2016-08-06 02:53 - 2016-08-06 03:07 - 00000000 ____T C:\Windows\system32\mfs2640.tmp
    2016-08-06 02:52 - 2016-08-06 03:10 - 00000000 ____T C:\Windows\system32\mfs9007.tmp
    2016-08-06 02:47 - 2016-08-06 02:37 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
    2016-08-06 02:38 - 2016-08-06 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-08-06 02:38 - 2016-08-06 02:47 - 00000000 ____D C:\Users\maxwell\.oracle_jre_usage
    2016-08-06 02:38 - 2016-08-06 02:38 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\Sun
    2016-08-06 02:38 - 2016-08-06 02:38 - 00000000 ____D C:\Users\maxwell\AppData\LocalLow\Sun
    2016-08-06 02:38 - 2016-08-06 02:37 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2016-08-06 02:37 - 2016-08-06 02:47 - 00000000 ____D C:\ProgramData\Oracle
    2016-08-06 02:37 - 2016-08-06 02:37 - 62041152 _____ (Oracle Corporation) C:\Users\maxwell\Downloads\jre-8u101-windows-x64.exe
    2016-08-06 02:37 - 2016-08-06 02:37 - 00000000 ____D C:\Program Files\Java
    2016-08-06 02:26 - 2016-08-06 02:26 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\Macromedia
    2016-08-06 02:26 - 2016-08-06 02:26 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\Adobe
    2016-08-06 02:25 - 2016-08-09 16:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-06 02:25 - 2016-08-06 16:28 - 00000000 ___HD C:\Program Files (x86)\hoover
    2016-08-06 02:25 - 2016-08-06 16:28 - 00000000 ___HD C:\Program Files (x86)\activist
    2016-08-06 02:25 - 2016-08-06 12:08 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\wardmain
    2016-08-06 02:25 - 2016-08-06 02:25 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\maxwell\AppData\Local\install_flash_player_21_active_x.exe
    2016-08-06 02:25 - 2016-08-06 02:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-08-06 02:25 - 2016-08-06 02:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-08-06 02:25 - 2016-08-06 02:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-08-06 02:25 - 2016-08-06 02:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-08-06 02:25 - 2016-08-06 02:25 - 00000000 ____D C:\Windows\system32\Macromed
    2016-08-06 02:24 - 2016-08-09 18:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-08-06 02:23 - 2016-08-06 02:36 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-08-06 02:23 - 2016-08-06 02:23 - 22851472 _____ (Malwarebytes ) C:\Users\maxwell\Downloads\mbam-setup-2.2.1.1043.exe
    2016-08-06 02:23 - 2016-08-06 02:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-08-06 02:23 - 2016-08-06 02:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-08-06 02:23 - 2016-08-06 02:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-08-06 02:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-08-06 02:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-08-06 02:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-08-06 02:22 - 2016-08-06 02:24 - 00000000 ____D C:\Windows\system32\SSL
    2016-08-06 02:22 - 2016-08-06 02:22 - 00031443 _____ C:\Windows\4d837b0fe3a818aeb2725cf790c068c0.ps1
    2016-08-06 02:07 - 2016-08-06 02:07 - 25746272 _____ C:\Users\maxwell\Downloads\directx81.exe
    2016-08-06 02:03 - 2016-08-06 02:08 - 00000000 ____D C:\Users\maxwell\Documents\Command and Conquer Generals Zero Hour Data
    2016-08-06 02:01 - 2016-08-06 02:02 - 00000000 ____D C:\Users\maxwell\Desktop\New folder
    2016-08-06 02:01 - 2016-08-06 02:01 - 00000609 _____ C:\Users\maxwell\Documents\ax_files.xml
    2016-08-06 01:57 - 2016-08-06 02:01 - 00000980 _____ C:\Windows\eReg.dat
    2016-08-06 01:51 - 2016-08-06 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
    2016-08-06 01:51 - 2016-08-06 01:59 - 00000000 ____D C:\Program Files (x86)\EA Games
    2016-08-06 01:45 - 2016-08-06 01:45 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
    2016-08-06 01:41 - 2016-08-06 01:41 - 07355744 _____ (Alcohol Soft Development Team) C:\Users\maxwell\Downloads\Alcohol52_FE_2.0.3.8806_480f72d1cc178b02d77b7063ee3988aa.exe
    2016-08-06 01:41 - 2016-08-06 01:41 - 00394296 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
    2016-08-06 01:37 - 2016-08-06 01:37 - 00692072 _____ (Disc Soft Ltd.) C:\Users\maxwell\Downloads\DTLiteInstaller (2).exe
    2016-08-06 01:37 - 2016-08-06 01:37 - 00000000 ____D C:\772b265144809e557490f438f56bb8db
    2016-08-06 01:34 - 2016-08-06 01:34 - 00319488 _____ C:\Windows\bivouac.exe
    2016-08-06 01:34 - 2016-08-06 01:34 - 00319488 _____ C:\Windows\auspices.exe
    2016-08-06 01:34 - 2016-08-06 01:34 - 00127640 _____ C:\Users\maxwell\AppData\Local\88688447.exe
    2016-08-06 01:28 - 2016-08-06 01:36 - 00000000 ____D C:\df72b1c0a08f0843287784fc27e919a6
    2016-08-06 01:27 - 2016-08-06 01:28 - 00692072 _____ (Disc Soft Ltd.) C:\Users\maxwell\Downloads\DTLiteInstaller (1).exe
    2016-08-06 01:17 - 2016-08-06 01:17 - 00000219 _____ C:\Users\maxwell\Desktop\Dota 2.url
    2016-08-06 01:12 - 2016-08-06 01:12 - 00000000 ____D C:\Users\maxwell\AppData\Local\Steam
    2016-08-06 01:12 - 2016-08-06 01:12 - 00000000 ____D C:\Users\maxwell\AppData\Local\CEF
    2016-08-06 01:11 - 2016-08-09 17:55 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-08-06 01:11 - 2016-08-06 02:36 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
    2016-08-06 01:11 - 2016-08-06 01:11 - 01444992 _____ C:\Users\maxwell\Downloads\SteamSetup.exe
    2016-08-06 01:11 - 2016-08-06 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-08-06 01:04 - 2016-08-06 01:04 - 00000000 ____D C:\188b7e19b286cc107d
    2016-08-06 01:03 - 2016-08-06 01:03 - 00692072 _____ (Disc Soft Ltd.) C:\Users\maxwell\Downloads\DTLiteInstaller.exe
    2016-08-06 01:01 - 2016-08-06 02:21 - 00002224 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
    2016-08-06 01:01 - 2016-08-06 02:21 - 00002212 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
    2016-08-06 01:00 - 2016-08-06 02:45 - 00000000 ____D C:\Users\maxwell\AppData\Local\Google
    2016-08-06 01:00 - 2016-08-06 01:01 - 00000000 ____D C:\Program Files (x86)\Google
    2016-08-06 01:00 - 2016-08-06 01:00 - 00000000 ____D C:\Users\maxwell\AppData\Local\Deployment
    2016-08-06 01:00 - 2016-08-06 01:00 - 00000000 ____D C:\Users\maxwell\AppData\Local\Apps\2.0
    2016-08-06 00:58 - 2016-08-06 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
    2016-08-06 00:58 - 2011-09-16 03:12 - 00032360 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtVlan620.sys
    2016-08-06 00:58 - 2011-06-15 09:11 - 00058472 _____ (Realtek Corporation) C:\Windows\system32\Drivers\RtTeam60.sys
    2016-08-06 00:58 - 2011-06-15 09:11 - 00027136 _____ (Realtek ) C:\Windows\system32\Drivers\RtNdPt60.sys
    2016-08-06 00:57 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-08-06 00:57 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-08-06 00:57 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-08-06 00:57 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-08-06 00:57 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-08-06 00:57 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-08-06 00:57 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-08-06 00:57 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-08-06 00:57 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-08-06 00:57 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-08-06 00:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-08-06 00:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-08-06 00:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-08-06 00:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-08-06 00:55 - 2014-06-17 08:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
    2016-08-06 00:55 - 2014-06-17 08:13 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
    2016-08-06 00:55 - 2014-06-17 08:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2016-08-06 00:52 - 2016-08-06 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    2016-08-06 00:52 - 2016-08-06 00:52 - 00000000 ____D C:\ProgramData\AMD
    2016-08-06 00:52 - 2016-08-06 00:52 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2016-08-06 00:52 - 2012-03-30 10:49 - 00056448 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
    2016-08-06 00:51 - 2016-08-06 00:51 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2016-08-06 00:51 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
    2016-08-06 00:50 - 2016-08-06 14:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-08-06 00:50 - 2016-08-06 00:58 - 00000000 ____D C:\Program Files (x86)\Realtek
    2016-08-06 00:50 - 2016-08-06 00:51 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-08-06 00:50 - 2016-08-06 00:50 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-08-06 00:50 - 2016-08-06 00:50 - 00000000 ____D C:\Program Files\Realtek
    2016-08-06 00:50 - 2012-10-30 05:59 - 04201104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2016-08-06 00:50 - 2012-10-30 04:43 - 00369117 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2016-08-06 00:50 - 2012-10-29 04:34 - 02703456 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2016-08-06 00:50 - 2012-10-25 02:45 - 00116880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2016-08-06 00:50 - 2012-10-22 23:30 - 03671696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2016-08-06 00:50 - 2012-10-22 07:48 - 01269904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2016-08-06 00:50 - 2012-09-24 04:32 - 02080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2016-08-06 00:50 - 2012-09-19 12:59 - 00869752 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2016-08-06 00:50 - 2012-09-11 21:51 - 02743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2016-08-06 00:50 - 2012-09-09 02:34 - 02028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2016-08-06 00:50 - 2012-08-21 02:51 - 00881808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2016-08-06 00:50 - 2012-08-13 06:06 - 01561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2016-08-06 00:50 - 2012-08-03 06:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2016-08-06 00:50 - 2012-06-20 05:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2016-08-06 00:50 - 2012-06-08 04:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
    2016-08-06 00:50 - 2012-06-08 04:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
    2016-08-06 00:50 - 2012-06-08 04:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
    2016-08-06 00:50 - 2012-03-07 23:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2016-08-06 00:50 - 2012-03-07 23:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2016-08-06 00:50 - 2011-12-20 03:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2016-08-06 00:50 - 2011-12-16 02:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
    2016-08-06 00:50 - 2011-11-22 04:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2016-08-06 00:50 - 2010-11-07 19:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2016-08-06 00:50 - 2010-11-03 06:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2016-08-06 00:50 - 2010-09-26 21:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2016-08-06 00:50 - 2009-11-23 21:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2016-08-06 00:50 - 2009-11-23 21:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2016-08-06 00:50 - 2009-11-23 21:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2016-08-06 00:50 - 2009-11-23 21:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2016-08-06 00:50 - 2009-11-17 19:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
    2016-08-06 00:45 - 2016-08-06 00:45 - 00000000 ____D C:\Program Files (x86)\ATI
    2016-08-06 00:44 - 2016-08-06 00:52 - 00000000 ____D C:\Program Files\ATI Technologies
    2016-08-06 00:44 - 2016-08-06 00:44 - 00000000 ____D C:\Program Files\ATI
    2016-08-06 00:42 - 2016-08-06 02:26 - 00057952 _____ C:\Users\maxwell\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-08-06 00:40 - 2009-05-05 10:00 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
    2016-08-06 00:38 - 2016-08-06 02:07 - 00000000 ____D C:\Mobo drivers
    2016-08-06 00:24 - 2016-08-06 15:24 - 00000000 ____D C:\Users\maxwell\AppData\Local\ElevatedDiagnostics
    2016-08-06 00:06 - 2016-08-06 02:21 - 00002054 ____R C:\Users\maxwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
    2016-08-06 00:06 - 2016-08-06 02:21 - 00002054 ____R C:\Users\maxwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr (64-bit).lnk
    2016-08-06 00:05 - 2016-08-06 02:38 - 00000000 ____D C:\Users\maxwell
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000020 ___SH C:\Users\maxwell\ntuser.ini
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000000 _SHDL C:\Users\maxwell\My Documents
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000000 _SHDL C:\Users\maxwell\Documents\My Videos
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000000 _SHDL C:\Users\maxwell\Documents\My Pictures
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000000 _SHDL C:\Users\maxwell\Documents\My Music
    2016-08-06 00:05 - 2016-08-06 00:05 - 00000000 ____D C:\Users\maxwell\AppData\Local\VirtualStore
    2016-08-06 00:05 - 2011-04-12 04:28 - 00000000 ____D C:\Users\maxwell\AppData\Roaming\Media Center Programs

  3. goatmaster

    goatmaster TS Rookie Topic Starter

    =================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-09 17:38 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-09 17:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-08-09 17:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-09 17:33 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-08-09 17:33 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-08-09 17:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
    2016-08-06 17:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-08-06 12:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SchCache
    2016-08-06 11:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
    2016-08-06 11:23 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
    2016-08-06 11:18 - 2009-07-14 00:45 - 00275064 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-06 11:12 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2016-08-06 03:53 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
    2016-08-06 03:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2016-08-06 02:57 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-08-06 02:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
    2016-08-06 02:55 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\CSC
    2016-08-06 02:36 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-08-06 02:36 - 2009-07-14 00:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2016-08-06 02:36 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2016-08-06 02:36 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2016-08-06 02:35 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2016-08-06 02:35 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2016-08-06 00:44 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-07-10 22:13 - 2012-07-27 22:44 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2016-07-10 22:13 - 2012-07-27 22:44 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

    ==================== Files in the root of some directories =======

    2016-08-06 01:34 - 2016-08-06 01:34 - 0127640 _____ () C:\Users\maxwell\AppData\Local\88688447.exe
    2016-08-06 18:39 - 2016-08-06 01:34 - 0319488 _____ () C:\Users\maxwell\AppData\Local\bivouac.exe
    2016-08-06 02:25 - 2016-08-06 02:25 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\maxwell\AppData\Local\install_flash_player_21_active_x.exe
    2016-08-06 18:39 - 2015-06-26 15:08 - 0294400 _____ (CodePlex Community) C:\Users\maxwell\AppData\Local\Microsoft.Win32.TaskScheduler.dll

    Some files in TEMP:
    ====================
    C:\Users\maxwell\AppData\Local\Temp\AxSFADownloader.exe
    C:\Users\maxwell\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\maxwell\AppData\Local\Temp\nvStInst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-06 02:54

    ==================== End of FRST.txt ============================
     
  4. goatmaster

    goatmaster TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2016 01
    Ran by maxwell (2016-08-09 18:07:04)
    Running from C:\Users\maxwell\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2016-08-06 04:05:31)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-682013197-156404839-2631474202-500 - Administrator - Disabled)
    Guest (S-1-5-21-682013197-156404839-2631474202-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-682013197-156404839-2631474202-1003 - Limited - Enabled)
    maxwell (S-1-5-21-682013197-156404839-2631474202-1000 - Administrator - Enabled) => C:\Users\maxwell

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
    Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
    NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
    Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3536C2EE-B384-4BA2-B27C-371CEC5E377B} - System32\Tasks\{F4041FC3-56B5-4D26-BFA9-BFAC0821E0FC} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {36266B67-2501-490B-8595-1C968A033268} - System32\Tasks\{F65D3A1B-DDD2-4224-9F80-D13870982118} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {6F34E77B-1998-4C80-AFEA-145DA7C5B9ED} - System32\Tasks\{B86FDC99-D89C-437B-B339-BF12F61267DA} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {896AF5B1-AFD1-4CA2-A5CB-7B98A37E625E} - System32\Tasks\{312C0515-4A0A-4564-879A-FA9E220A9331} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {9325F95A-4645-49BF-A18A-1F96F14E692F} - System32\Tasks\{381B06B7-9165-4BA5-9A2E-3B5E9C936199} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {A47D5ED9-8729-49F5-84FE-F1CC2DB381C6} - System32\Tasks\{BCB03BF3-F0AC-43CE-A8A3-2C259EF41CF1} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {A809CA79-1874-41DB-898F-E437787CFCDE} - System32\Tasks\{63524FE6-ED8B-4192-8C9E-E81898119E1A} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {B7D32960-411A-491F-A162-1586997E5B51} - System32\Tasks\{F709FB80-20EE-4C08-9A4B-7D434B397CE0} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {BEA567B1-C9DF-4CD9-B01C-013D37E6BEB7} - \4d837b0fe3a818aeb2725cf790c068c0 -> No File <==== ATTENTION
    Task: {D9D69E0B-6C82-43FD-97F0-A8CD65B2525D} - System32\Tasks\{8DD915B0-2CA1-470E-B7A9-85483CE7AEC5} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {DB519C77-EBFC-4EE0-9F2D-C59A62D46439} - System32\Tasks\{4C79C3D9-E81E-4B70-96F1-294C0FD5A0F2} => C:\Users\maxwell\Downloads\dotNetFx40_Full_setup.exe [2016-08-06] (Microsoft Corporation)
    Task: {EF81256C-BD37-421B-859A-87515C06743B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
    Task: {F72891EF-D210-41E5-AEF5-D49948051E3A} - \Da4551636545516365 -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\maxwell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
    Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

    ShortcutWithArgument: C:\Users\maxwell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e91c7a0382d86340\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe (Google Inc.) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) ==============

    2016-08-06 11:51 - 2016-07-10 19:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-08-06 11:54 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00292128 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    2016-08-06 01:17 - 2016-08-07 16:49 - 05398816 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\engine2.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00596768 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\tier0.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00475424 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vstdlib.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00984064 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\SDL2.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00469280 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\filesystem_stdio.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00370464 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\inputsystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00266528 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\imemanager.dll
    2016-08-06 01:36 - 2016-08-06 01:36 - 00225056 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\localize.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01323296 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\rendersystemdx11.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01343264 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\rendersystemdx9.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00611616 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\resourcesystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00695072 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\schemasystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01003808 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\materialsystem2.dll
    2016-08-06 01:36 - 2016-08-06 01:36 - 00181536 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\valve_avi.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 07306528 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scaleformui_4_dx11.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00837408 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\meshsystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01079072 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\worldrenderer.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00779552 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vscript.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 02225952 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\networksystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01345824 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\animationsystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 02070304 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\vphysics2.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01220896 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\soundsystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 02540832 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scenesystem.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 03160864 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\particles.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00339232 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\renderingpipelines.dll
    2016-08-06 01:17 - 2016-08-08 15:12 - 33510688 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\server.dll
    2016-08-06 01:17 - 2016-08-09 13:51 - 38066976 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\client.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 05981184 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\v8.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01795584 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\icui18n.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01414656 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\icuuc.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 03166720 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\video64.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 02926080 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavcodec-56.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00487936 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavutil-54.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00574976 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavformat-56.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00385024 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libavresample-2.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00564736 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libswscale-3.dll
    2016-08-06 01:17 - 2016-08-07 16:49 - 03668256 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\panorama.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01421600 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\panorama_text_pango.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00481280 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libfontconfig-1.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 01058304 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\libfreetype-6.dll
    2016-08-06 01:36 - 2016-08-06 01:36 - 00137728 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64mp3.asi
    2016-08-06 01:36 - 2016-08-06 01:36 - 00071168 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64ds3d.flt
    2016-08-06 01:36 - 2016-08-06 01:36 - 00131584 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\mss64eax.flt
    2016-08-06 01:17 - 2016-08-06 01:36 - 01394464 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\dota\bin\win64\host.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00273184 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\scenefilecache.dll
    2016-08-06 01:17 - 2016-08-06 01:36 - 00531744 _____ () C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\navsystem.dll
    2016-08-06 01:01 - 2016-08-02 19:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-06 01:01 - 2016-08-02 19:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
    2016-08-06 18:39 - 2016-08-06 01:34 - 00319488 _____ () C:\Users\maxwell\AppData\Local\bivouac.exe
    2016-08-06 11:54 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-08-06 01:12 - 2016-08-02 18:08 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2016-08-06 01:12 - 2016-08-02 18:10 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2016-08-06 01:12 - 2016-08-02 18:09 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2016-08-06 01:12 - 2016-08-02 18:09 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2016-08-06 01:12 - 2016-08-02 20:00 - 02320160 _____ () C:\Program Files (x86)\Steam\video.dll
    2016-08-06 01:12 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2016-08-06 01:12 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2016-08-06 01:12 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2016-08-06 01:12 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2016-08-06 01:12 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2016-08-06 01:12 - 2016-08-02 19:59 - 00831776 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-08-06 01:12 - 2016-07-06 18:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2016-08-06 01:12 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2016-08-06 01:12 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-08-06 02:25 - 00000914 ____A C:\Windows\system32\Drivers\etc\hosts

    162.222.194.13 cocomo.tremorhub.com
    162.222.194.13 cocomo.tremorhub.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-682013197-156404839-2631474202-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\maxwell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 71.10.216.1 - 71.10.216.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^maxwell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^characterization.lnk => C:\Windows\pss\characterization.lnk.Startup
    MSCONFIG\startupreg: adeptness => "C:\Program Files (x86)\hoover\bivouac.exe"
    MSCONFIG\startupreg: colorblind => "C:\Program Files (x86)\hoover\bivouac.exe"
    MSCONFIG\startupreg: dismemberment => "C:\Program Files (x86)\hoover\bivouac.exe"
    MSCONFIG\startupreg: gainst => "C:\Program Files (x86)\hoover\bivouac.exe"
    MSCONFIG\startupreg: ironwood => "C:\Program Files (x86)\hoover\bivouac.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D0AF85D3-C605-4754-9851-282F1C56EA78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D9F8545B-880B-4D56-BCC0-962D5DC03851}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B6986BB2-38A4-461C-8A2A-6A683CF32492}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{9FE8EBCD-7733-4E46-9100-0F9B79EC2C2D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{AD353EAA-C27F-478F-AEB8-F63B933082BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9508654A-9D23-4D6A-8B16-28E5707213AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A0D0C4C9-D440-4649-B790-572335C1C553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DB5F28C4-FEEA-440A-A503-3894FC2C95EE}] => (Allow) C:\Users\maxwell\AppData\Local\Temp\MPCOnline\MPCDownload.exe
    FirewallRules: [{9CAE49E7-C277-48A8-A468-4945956EBFCE}] => (Allow) C:\Users\maxwell\AppData\Local\Temp\MPCOnline\MPCDownload.exe
    FirewallRules: [{AFECD5C6-E09B-4327-98B8-70BCFF1FE6B4}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩畲敬坜湩潒瑵䑥攮數
    FirewallRules: [{CAE0212F-6E8D-41AE-A592-D6599BF722B1}] => (Allow) C:\Users\maxwell\AppData\Local\ddnowyes.exe
    FirewallRules: [{C851E8BD-8539-4AFD-92E5-0FBD9FC6114C}] => (Allow) C:\Users\maxwell\AppData\Local\Temp\nsk786C.tmp\oksoft12.exe
    FirewallRules: [{184C3216-E1F0-4222-9902-7FE8A0ABE113}] => (Allow) C:\Users\maxwell\AppData\Local\25579022.exe
    FirewallRules: [{07EA93DB-4675-4B92-9DD7-18069E3D8DF0}] => (Allow) C:\Users\maxwell\AppData\Local\tinstall.exe
    FirewallRules: [{CEC0B9C3-DA5F-41C4-8454-8660E9ADEDC2}] => (Allow) C:\Users\maxwell\AppData\Local\cap.exe
    FirewallRules: [{AECFFFFA-EFC3-4402-B1B1-A33541847EF9}] => (Allow) C:\Users\maxwell\AppData\Local\ddnowyes.exe
    FirewallRules: [{189AD6B7-5FCE-4CED-9CB1-928A29A597B1}] => (Allow) C:\Users\maxwell\AppData\Local\Temp\nsvE9B5.tmp\setup.exe
    FirewallRules: [{1F88BEE3-3332-40EE-BB88-4F80F3A4A738}] => (Allow) C:\Users\maxwell\AppData\Local\60249082.exe
    FirewallRules: [{EC63C7C3-9FF7-4ACC-AE04-42A22D27B006}] => (Allow) C:\Users\maxwell\AppData\Local\tinstall.exe
    FirewallRules: [{FB24CE9D-05E8-4C8A-B130-10B5695C8554}] => (Allow) C:\Program Files (x86)\hoover\bivouac.exe
    FirewallRules: [{080DB154-5315-4560-AFD6-EBB473DA567C}] => (Allow) C:\Program Files (x86)\hoover\bivouac.exe
    FirewallRules: [TCP Query User{12D0E955-33C7-49FE-BC35-E686B7DFFC83}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
    FirewallRules: [UDP Query User{9DCCEF65-9B72-49CD-9CE1-7E591970C339}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
    FirewallRules: [{530EC2D3-0353-4B52-AC22-4DC1F8146B86}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C01B2E16-7A8B-4844-AFA1-60AE8E9DA2C7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4848B153-48A1-4A22-92B5-DB7DA1D120AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{40D5EEE5-87C0-439E-B5A6-D030174898AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{88415579-C815-45EB-85F2-C6A16D7EBEDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E77D042D-C1CB-4CD1-AD02-D61EFE48C292}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{118B3AB2-5C5A-439A-B586-5E0316BDE150}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{CC94D4C2-19F4-41D4-AA73-8EC5D8F58B21}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
    FirewallRules: [UDP Query User{B40712AF-2136-426D-8214-BE6646BA766E}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe
    FirewallRules: [TCP Query User{542BFD7D-3B3C-4ACA-BA96-A7F41B5BCD90}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{F3B1CC2B-9003-48A4-8E7A-7EA9598EEEDB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [{22730D90-6FD7-4409-87C3-9049B3F4FCB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{3EC80767-BD6F-4DE7-ABD7-8186EA491D2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [TCP Query User{4DC899D6-DCCD-4D91-959D-6D5A4754913C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{BCD58864-2135-4EBE-989C-F266D343CE59}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

    ==================== Restore Points =========================

    06-08-2016 00:45:50 Installed AMD SATA Controller Driver
    06-08-2016 00:46:13 Installed AMD SATA Controller Driver
    06-08-2016 00:48:25 Installed AMD SATA Controller Driver
    06-08-2016 00:55:08 Installed Realtek Ethernet Controller Driver
    06-08-2016 00:57:05 Windows Update
    06-08-2016 00:58:09 Installed Realtek Ethernet Diagnostic Utility
    06-08-2016 01:41:50 SPTD setup V1.89
    06-08-2016 01:48:44 Installed Command & Conquer Generals
    06-08-2016 01:58:54 Installed Command and ConquerTM Generals Zero Hour
    06-08-2016 11:36:16 Installed DirectX
    06-08-2016 11:42:02 Removed Java 8 Update 101
    06-08-2016 11:50:06 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    06-08-2016 11:52:11 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    06-08-2016 11:52:24 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    06-08-2016 11:52:40 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    06-08-2016 14:10:14 Configured Command & Conquer Generals
    06-08-2016 14:11:04 Configured Command and ConquerTM Generals Zero Hour
    07-08-2016 15:47:08 Windows Update
    08-08-2016 21:15:53 Installed DirectX

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/09/2016 05:35:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/09/2016 05:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
    Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
    Exception code: 0xc0000005
    Fault offset: 0x00000000000033c1
    Faulting process id: 0x5dc
    Faulting application start time: 0xFuel.Service.exe0
    Faulting application path: Fuel.Service.exe1
    Faulting module path: Fuel.Service.exe2
    Report Id: Fuel.Service.exe3

    Error: (08/09/2016 04:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/09/2016 04:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
    Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
    Exception code: 0xc0000005
    Fault offset: 0x00000000000033c1
    Faulting process id: 0x608
    Faulting application start time: 0xFuel.Service.exe0
    Faulting application path: Fuel.Service.exe1
    Faulting module path: Fuel.Service.exe2
    Report Id: Fuel.Service.exe3

    Error: (08/06/2016 10:17:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1438

    Start Time: 01d1f041de9144ce

    Termination Time: 823

    Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

    Report Id:

    Error: (08/06/2016 03:40:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Setup.exe version 10.0.30319.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e50

    Start Time: 01d1f01355b39701

    Termination Time: 3

    Application Path: C:\e4095b229d31decd2856aaf8c7\Setup.exe

    Report Id:

    Error: (08/06/2016 02:48:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Setup.exe version 10.0.30319.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 4e4

    Start Time: 01d1f01284108922

    Termination Time: 0

    Application Path: C:\67ced18b3736b6345321406006b4c21c\Setup.exe

    Report Id:

    Error: (08/06/2016 02:39:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 02:16:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2016 02:13:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
    Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
    Exception code: 0xc0000005
    Fault offset: 0x00000000000033c1
    Faulting process id: 0x610
    Faulting application start time: 0xFuel.Service.exe0
    Faulting application path: Fuel.Service.exe1
    Faulting module path: Fuel.Service.exe2
    Report Id: Fuel.Service.exe3


    System errors:
    =============
    Error: (08/09/2016 05:36:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (08/09/2016 05:34:07 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

    Error: (08/09/2016 05:33:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/09/2016 04:40:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (08/09/2016 04:38:19 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

    Error: (08/09/2016 04:37:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/08/2016 03:09:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (08/07/2016 02:46:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (08/06/2016 07:49:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (08/06/2016 02:40:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2 = The system cannot find the file specified.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-4100 Quad-Core Processor
    Percentage of memory in use: 78%
    Total physical RAM: 8173.55 MB
    Available physical RAM: 1774.51 MB
    Total Virtual: 16345.31 MB
    Available Virtual: 9712.24 MB

    ==================== Drives ================================

    Drive c: (Slow Drive) (Fixed) (Total:149.05 GB) (Free:70.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs.
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on the Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished.
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double-click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
