Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I think there's a virus on my comp?

Post by tanhed123 » March 9th, 2016, 9:56 pm

Video games are starting to lag; they haven't before. Could someone help me see if there is a virus on my computer? Thanks.
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think there's a virus on my comp?

Post by tanhed123 » March 9th, 2016, 9:57 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016
Ran by Kevin (administrator) on DESKTOP-O508F63 (21-02-2016 14:06:01)
Running from C:\Users\Kevin\Downloads
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 10 Pro 0(X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Users\Kevin\Downloads\RogueKiller (1).exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)
HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1eebd50f-90d3-456b-8e45-267cf54c0d02}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k3d8r146.default
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-18]
CHR Extension: (Google Search) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-21] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [43704 2015-11-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-21] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 14:06 - 2016-02-21 14:06 - 00008397 _____ C:\Users\Kevin\Downloads\FRST.txt
2016-02-21 14:05 - 2016-02-21 14:06 - 00000000 ____D C:\FRST
2016-02-21 14:05 - 2016-02-21 14:05 - 02371072 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2016-02-21 13:49 - 2016-02-21 13:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-21 13:49 - 2016-02-21 13:49 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-21 13:49 - 2016-02-21 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-21 13:49 - 2016-02-21 13:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-21 13:48 - 2016-02-21 13:49 - 11443792 _____ (SurfRight B.V.) C:\Users\Kevin\Downloads\HitmanPro_x64 (1).exe
2016-02-21 13:45 - 2016-02-21 13:45 - 00000635 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-02-21 13:43 - 2016-02-21 13:43 - 01609216 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT (3).exe
2016-02-21 13:42 - 2016-02-21 13:42 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2016-02-21 13:35 - 2016-02-21 13:53 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-21 13:35 - 2016-02-21 13:44 - 01609216 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT (2).exe
2016-02-21 13:35 - 2016-02-21 13:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-21 13:34 - 2016-02-21 13:53 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller (1).exe
2016-02-21 13:34 - 2016-02-21 13:35 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller (2).exe
2016-02-21 13:32 - 2016-02-21 13:32 - 00000000 _____ C:\Users\Kevin\Downloads\JRT (1).exe
2016-02-21 13:30 - 2016-02-21 13:53 - 00002872 _____ C:\Users\Kevin\Desktop\Rkill.txt
2016-02-21 13:29 - 2016-02-21 13:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe
2016-02-21 13:29 - 2016-02-21 13:29 - 00000000 _____ C:\Users\Kevin\Downloads\JRT.exe
2016-02-21 13:28 - 2016-02-21 13:43 - 01511424 _____ C:\Users\Kevin\Downloads\AdwCleaner.exe
2016-02-21 13:28 - 2016-02-21 13:43 - 00000000 ____D C:\AdwCleaner
2016-02-20 03:46 - 2016-02-20 03:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-19 22:30 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-02-19 22:28 - 2016-02-19 22:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-19 22:28 - 2016-02-19 22:28 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 20:52 - 2016-02-19 20:52 - 00000000 ____D C:\Users\Kevin\Documents\League of Legends
2016-02-19 20:45 - 2016-02-19 20:45 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\LolClient
2016-02-19 15:29 - 2016-02-19 15:29 - 00000000 ____D C:\ProgramData\Riot Games
2016-02-19 15:28 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-02-19 15:28 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-02-19 15:28 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-02-19 15:28 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-02-19 15:28 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-02-19 15:27 - 2016-02-19 15:27 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-02-19 15:27 - 2016-02-19 15:27 - 00000000 ____D C:\Riot Games
2016-02-19 15:27 - 2016-02-19 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-19 15:26 - 2016-02-19 15:28 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Riot Games
2016-02-19 15:26 - 2016-02-19 15:26 - 27864920 _____ (Riot Games) C:\Users\Kevin\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2016-02-19 12:23 - 2016-02-19 12:23 - 00000000 ____D C:\Users\Kevin\AppData\Local\PeerDistRepub
2016-02-19 00:53 - 2016-02-19 00:53 - 00000000 ____D C:\Users\Kevin\Documents\My Games
2016-02-19 00:52 - 2016-02-19 00:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-19 00:52 - 2016-02-19 00:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-19 00:52 - 2016-02-19 00:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-02-19 00:52 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-02-19 00:52 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-02-19 00:52 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-02-19 00:52 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-02-19 00:52 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-02-19 00:52 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-02-19 00:52 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-02-19 00:52 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-02-19 00:52 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-02-19 00:52 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-02-19 00:52 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-02-19 00:52 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-02-19 00:52 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-02-19 00:52 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-02-19 00:52 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-02-19 00:52 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-02-19 00:52 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-02-19 00:52 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-02-19 00:52 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-02-19 00:52 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\Users\Kevin\AppData\Local\Comms
2016-02-19 00:12 - 2016-02-21 13:46 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-19 00:12 - 2016-02-18 21:32 - 00000000 ____D C:\Users\Kevin\AppData\Local\MicrosoftEdge
2016-02-19 00:11 - 2016-02-19 00:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\ActiveSync
2016-02-19 00:11 - 2016-02-18 22:17 - 00002367 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-19 00:11 - 2016-02-18 22:17 - 00000000 ___RD C:\Users\Kevin\OneDrive
2016-02-19 00:10 - 2016-02-19 00:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-19 00:09 - 2016-02-21 13:42 - 00000000 __SHD C:\Users\Kevin\IntelGraphicsProfiles
2016-02-19 00:09 - 2016-02-21 13:42 - 00000000 ____D C:\Users\Kevin
2016-02-19 00:09 - 2016-02-20 11:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-19 00:09 - 2016-02-19 00:09 - 00000020 ___SH C:\Users\Kevin\ntuser.ini
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 _SHDL C:\Users\Kevin\My Documents
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Videos
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Pictures
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Music
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Adobe
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\VirtualStore
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\TileDataLayer
2016-02-19 00:09 - 2016-02-19 00:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\Publishers
2016-02-19 00:09 - 2016-02-18 23:47 - 00000000 ____D C:\Users\Kevin\AppData\Local\Packages
2016-02-19 00:08 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-19 00:07 - 2016-02-19 00:07 - 00000000 ____D C:\ProgramData\USOShared
2016-02-19 00:06 - 2016-02-21 13:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\Default User
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Users\All Users
2016-02-19 00:06 - 2016-02-19 00:06 - 00000000 _SHDL C:\Documents and Settings
2016-02-19 00:05 - 2016-02-21 13:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-19 00:05 - 2016-02-19 00:08 - 00000000 ____D C:\Intel
2016-02-19 00:05 - 2016-02-19 00:05 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-19 00:05 - 2016-02-19 00:05 - 00000000 ____D C:\Program Files\Realtek
2016-02-19 00:05 - 2015-11-16 20:59 - 00092656 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-19 00:04 - 2016-02-20 03:32 - 00189016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-19 00:04 - 2016-02-19 00:04 - 00000000 ____D C:\Program Files\Intel
2016-02-19 00:04 - 2015-07-22 20:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-19 00:04 - 2015-07-22 20:10 - 00579912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-19 00:04 - 2015-07-22 20:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-19 00:04 - 2015-07-21 23:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-19 00:03 - 2016-02-19 00:03 - 00000000 _____ C:\Recovery.txt
2016-02-18 23:30 - 2016-02-19 00:08 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-18 23:30 - 2016-02-18 23:30 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-18 23:29 - 2016-02-18 23:29 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-18 23:28 - 2016-02-18 23:28 - 00000000 ____D C:\WINDOWS\Setup
2016-02-18 23:28 - 2016-02-18 23:28 - 00000000 ____D C:\Program Files\Synaptics
2016-02-18 23:27 - 2016-02-18 23:27 - 00000000 ____D C:\WINDOWS\OCR
2016-02-18 23:27 - 2016-02-18 23:27 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-18 23:27 - 2016-02-18 23:27 - 00000000 ____D C:\Program Files\MSBuild
2016-02-18 23:27 - 2016-02-18 23:27 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-18 23:27 - 2016-02-18 23:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\0409
2016-02-18 23:26 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-18 23:25 - 2016-02-03 14:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-18 23:25 - 2016-02-03 14:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-18 23:24 - 2016-02-21 00:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-18 23:24 - 2016-02-20 03:31 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-18 23:24 - 2016-02-19 20:20 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-18 23:24 - 2016-02-19 10:57 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-18 23:24 - 2016-02-19 00:52 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-18 23:24 - 2016-02-19 00:51 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-18 23:24 - 2016-02-19 00:25 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-18 23:24 - 2016-02-19 00:09 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-18 23:24 - 2016-02-19 00:09 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-18 23:24 - 2016-02-19 00:09 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-18 23:24 - 2016-02-19 00:08 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-18 23:24 - 2016-02-19 00:08 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-18 23:24 - 2016-02-19 00:07 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-18 23:24 - 2016-02-19 00:06 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-18 23:24 - 2016-02-19 00:06 - 00000000 ____D C:\WINDOWS\rescache
2016-02-18 23:24 - 2016-02-19 00:06 - 00000000 ____D C:\WINDOWS\CSC
2016-02-18 23:24 - 2016-02-19 00:04 - 00000000 ____D C:\WINDOWS\Help
2016-02-18 23:24 - 2016-02-19 00:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\IME
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-18 23:24 - 2016-02-18 23:26 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 __RSD C:\WINDOWS\Media
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Web
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Vss
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\tracing
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\System
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SKB
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\security
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\schemas
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Resources
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Registration
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\PLA
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Performance
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\Branding
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\addins
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\ProgramData\Comms
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files\Windows NT
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-18 23:24 - 2016-02-18 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-18 23:24 - 2016-02-18 23:23 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-18 23:24 - 2016-02-18 23:23 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-18 23:24 - 2016-02-18 23:23 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-18 23:24 - 2016-02-18 23:23 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-18 23:24 - 2016-02-18 23:23 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-18 23:24 - 2016-02-18 23:23 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-18 23:24 - 2016-02-18 23:23 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-18 23:24 - 2016-02-18 23:23 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-18 23:24 - 2016-02-18 23:23 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-18 23:24 - 2016-02-18 23:23 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-18 23:24 - 2016-02-18 23:23 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-18 23:24 - 2016-02-18 23:23 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-18 23:24 - 2016-02-18 23:23 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-18 23:24 - 2016-02-18 23:23 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-18 23:24 - 2016-02-18 23:23 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-18 23:24 - 2016-02-18 23:23 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-18 23:24 - 2016-02-18 23:23 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-18 23:24 - 2016-02-18 23:23 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-18 23:24 - 2016-02-18 23:23 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-18 23:24 - 2016-02-18 23:13 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-18 23:23 - 2016-02-21 13:46 - 00000000 ____D C:\WINDOWS\INF
2016-02-18 23:19 - 2016-02-19 22:30 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-18 23:17 - 2016-02-21 13:42 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-18 23:17 - 2016-02-19 00:06 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-18 23:17 - 2016-02-18 23:26 - 00000000 ____D C:\WINDOWS\servicing
2016-02-18 23:17 - 2016-02-18 23:24 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-02-18 23:17 - 2015-10-30 01:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-02-18 23:10 - 2016-02-18 23:10 - 00000000 ____D C:\Users\Kevin\AppData\Local\NetworkTiles
2016-02-18 22:59 - 2016-02-21 13:49 - 11443792 _____ (SurfRight B.V.) C:\Users\Kevin\Downloads\HitmanPro_x64.exe
2016-02-18 22:21 - 2016-02-18 22:21 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-18 22:02 - 2016-02-18 22:02 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-18 22:02 - 2016-02-18 22:02 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-18 22:02 - 2016-02-18 22:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Mozilla
2016-02-18 22:02 - 2016-02-18 22:02 - 00000000 ____D C:\Users\Kevin\AppData\Local\Mozilla
2016-02-18 22:02 - 2016-02-18 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-18 22:02 - 2016-02-18 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-18 22:01 - 2016-02-18 22:01 - 00242080 _____ C:\Users\Kevin\Downloads\Firefox Setup Stub 44.0.2 (1).exe
2016-02-18 22:00 - 2016-02-18 22:00 - 00242080 _____ C:\Users\Kevin\Downloads\Firefox Setup Stub 44.0.2.exe
2016-02-18 21:55 - 2016-02-18 21:56 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Foxit Software
2016-02-18 21:55 - 2016-02-18 21:55 - 00001428 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-02-18 21:55 - 2016-02-18 21:55 - 00000000 ____D C:\Users\Public\Foxit Software
2016-02-18 21:55 - 2016-02-18 21:55 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Foxit AgentInformation
2016-02-18 21:55 - 2016-02-18 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-02-18 21:55 - 2016-02-18 21:55 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-02-18 21:53 - 2016-02-18 21:54 - 43048592 _____ (Foxit Software Inc. ) C:\Users\Kevin\Downloads\FoxitReader73_enu_Setup_Prom.exe
2016-02-18 21:52 - 2016-02-18 21:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\Steam
2016-02-18 21:52 - 2016-02-18 21:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\CEF
2016-02-18 21:50 - 2016-02-21 13:43 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-18 21:50 - 2016-02-18 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-18 21:49 - 2016-02-18 21:49 - 01380712 _____ C:\Users\Kevin\Downloads\SteamSetup.exe
2016-02-18 21:44 - 2016-02-18 21:48 - 295249739 _____ C:\Users\Kevin\Downloads\CB10h-Edition.pdf
2016-02-18 21:42 - 2016-02-18 21:42 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller.exe
2016-02-18 21:38 - 2016-02-18 21:38 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 21:38 - 2016-02-18 21:38 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 21:37 - 2016-02-21 13:42 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 21:37 - 2016-02-21 13:42 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 21:37 - 2016-02-19 14:01 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google
2016-02-18 21:37 - 2016-02-18 21:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-18 21:37 - 2016-02-18 21:37 - 00987728 _____ (Google Inc.) C:\Users\Kevin\Downloads\ChromeSetup.exe
2016-02-18 21:37 - 2016-02-18 21:37 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-18 21:37 - 2016-02-18 21:37 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-18 21:33 - 2016-02-18 21:33 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Macromedia
2016-02-18 20:15 - 2016-02-19 00:03 - 00000000 ___HD C:\$SysReset
2016-02-09 14:29 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-09 14:29 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-09 14:29 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 14:29 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 14:29 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 14:29 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 14:29 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 14:29 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-09 14:29 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-09 14:29 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 14:29 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 14:29 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 14:29 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-09 14:29 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-09 14:29 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 14:29 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 14:29 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 14:29 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 14:29 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-09 14:29 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 14:29 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-09 14:29 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 14:29 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-09 14:29 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-09 14:29 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 14:29 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 14:29 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-09 14:29 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-09 14:29 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 14:29 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 14:29 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 14:29 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 14:29 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 14:29 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-09 14:29 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 14:29 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 14:29 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-09 14:29 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-09 14:29 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 14:29 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 14:29 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 14:29 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 14:29 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 14:29 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-09 14:29 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 14:29 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 14:29 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 14:29 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 14:29 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 14:29 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 14:29 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 14:29 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 14:29 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 14:29 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 14:29 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 14:29 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 14:29 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 14:29 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 14:29 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 14:29 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 14:29 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 14:29 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 14:29 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 14:29 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-09 14:29 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-01-28 12:00 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 12:00 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 11:59 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 11:59 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 11:59 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 11:59 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 11:59 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 11:59 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 11:59 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 11:59 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 11:59 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 11:59 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 11:59 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 11:59 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 11:59 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 11:59 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 11:59 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 11:59 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 11:59 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 11:59 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 11:59 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 11:59 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 11:59 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 11:59 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 11:59 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 11:59 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 11:59 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 11:59 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 11:59 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 11:59 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 11:59 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 11:59 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 11:59 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 11:59 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 11:59 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 11:59 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 11:59 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 11:59 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 11:59 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 11:59 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 11:59 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 11:59 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 11:59 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 11:59 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 11:59 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 11:59 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 11:59 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 11:59 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 11:59 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 11:59 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 11:59 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 11:59 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 11:59 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 11:59 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 11:59 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 11:59 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 11:59 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 11:59 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 11:59 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 11:59 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 11:59 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 11:59 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 11:59 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 11:59 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 11:59 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 11:59 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 11:59 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 11:59 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 11:59 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 11:59 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 11:59 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 11:59 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 11:59 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 11:59 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 11:59 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 11:59 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 11:59 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 11:59 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 11:59 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 11:59 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 11:59 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 11:59 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 11:59 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 11:59 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 11:59 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 11:59 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 11:59 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 11:59 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 11:59 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 11:59 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 11:59 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 11:59 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 11:59 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 11:59 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 11:59 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 11:59 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 11:59 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 11:59 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 11:59 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 11:59 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 11:59 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 11:59 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 11:59 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 11:59 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 11:59 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 11:59 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 11:59 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 11:59 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2016-02-19 00:05 - 2016-02-19 00:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kevin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-18 23:37

==================== End of FRST.txt ============================

Re: I think theres a virus on my comp?

by tanhed123 » March 9th, 2016, 9:57 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by Kevin (2016-02-21 14:06:26)
Running from C:\Users\Kevin\Downloads
Windows 10 Pro 0(X64) (2016-02-19 05:08:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2927064332-1517903795-2755176479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2927064332-1517903795-2755176479-503 - Limited - Disabled)
Guest (S-1-5-21-2927064332-1517903795-2755176479-501 - Limited - Disabled)
Kevin (S-1-5-21-2927064332-1517903795-2755176479-1001 - Administrator - Enabled) => C:\Users\Kevin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2927064332-1517903795-2755176479-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4B84AFAF-7E26-4ED1-9667-08B376A5A491} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-19] (Microsoft Corporation)
Task: {76DC4309-75EF-4F5B-9B34-2C2D4AED8017} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {9C5ABE56-7707-4DAE-AAD4-28A27E057F52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-18 21:50 - 2016-02-18 21:51 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 23:48 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 23:48 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-21 13:34 - 2016-02-21 13:53 - 20945480 _____ () C:\Users\Kevin\Downloads\RogueKiller (1).exe
2016-01-13 00:29 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:29 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 11:59 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 11:59 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-18 21:50 - 2016-02-18 21:51 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-18 21:50 - 2016-02-18 21:51 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-18 23:24 - 2016-02-18 23:23 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DFF23526-0EE9-4653-BCDF-3C9ED8704A01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E89E6FD-F468-443C-B77A-D5F03C3EE96A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F8508BD-8069-454E-B94B-21CC8EE0D9D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1466C49A-7DB6-490B-B13B-05D9F123E555}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F5EE0ED-E61B-414A-A33D-9828BE5DE1A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3266C899-EB03-45B6-B8AB-92E49AD828A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EAA0BFB-6F1D-4025-9FAC-34F638996FFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A06F5FA7-0ABD-4771-B36F-D0378619498C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{421B5462-1187-40CF-BF6B-87631FF28A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe

==================== Restore Points =========================

19-02-2016 00:52:20 Installed DirectX
21-02-2016 13:44:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2016 01:44:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/21/2016 01:42:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
Exception code: 0xc0000005
Fault offset: 0x00000000000780cd
Faulting process id: 0xc7c
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (02/19/2016 10:31:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/19/2016 07:15:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LoLPatcher.exe, version: 0.37.0.182, time stamp: 0x56ba5c96
Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c
Exception code: 0xe06d7363
Fault offset: 0x000bd8a8
Faulting process id: 0x1ca0
Faulting application start time: 0xLoLPatcher.exe0
Faulting application path: LoLPatcher.exe1
Faulting module path: LoLPatcher.exe2
Report Id: LoLPatcher.exe3
Faulting package full name: LoLPatcher.exe4
Faulting package-relative application ID: LoLPatcher.exe5

Error: (02/19/2016 03:23:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10586.0, time stamp: 0x5632d822
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.0, time stamp: 0x5632d920
Exception code: 0xc000027b
Fault offset: 0x00000000006fcd2b
Faulting process id: 0x1ba8
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (02/19/2016 12:52:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/19/2016 12:14:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.0, time stamp: 0x5632d184
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x247c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/18/2016 11:55:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-O508F63)
Description: Package 4DF9E0F8.Netflix_6.6.33.0_x64__mcm4njqhnhss8+Netflix.App was terminated because it took too long to suspend.

Error: (02/18/2016 10:58:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.0, time stamp: 0x5632d184
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0xe5c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/18/2016 10:00:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O508F63)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/21/2016 01:53:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (02/21/2016 01:53:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (02/21/2016 01:44:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/21/2016 01:42:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_159b26 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/21/2016 01:42:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/21/2016 01:42:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/21/2016 01:42:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/21/2016 01:42:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/21/2016 01:42:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/21/2016 01:42:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-02-21 02:32:11.884
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-20 03:32:46.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-20 03:29:32.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-19 22:30:40.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-19 22:24:09.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-19 10:58:03.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-19 00:04:26.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8104.27 MB
Available physical RAM: 4584.56 MB
Total Virtual: 10024.27 MB
Available Virtual: 6714.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.92 GB) (Free:190.35 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby pgmigg » March 9th, 2016, 10:48 pm

By posting your 2 logs separately from your initial post you have effectively Replied to Your Own Topic.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to your topic before a helper replies.

Please start a new topic with just a single post, and this time attach your logs, then wait for a helper to reply. Thank you for your understanding.

This topic is now closed.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00