Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think theres a virus on my comp?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think theres a virus on my comp?

Unread postby tanhed123 » March 10th, 2016, 6:43 pm

I downloaded a pdf and now whenever I play video games or watch movies theres a little lag every now and then which I never experienced, can someone please help me resolve this issue? thank you
You do not have the required permissions to view the files attached to this post.
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm
Advertisement
Register to Remove

Re: I think theres a virus on my comp?

Unread postby capnkrunch » March 14th, 2016, 3:36 am

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello tanhed123 and welcome to the Malware Removal Forums :)

Apologies about the delay in getting to your topic. My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think theres a virus on my comp?

Unread postby capnkrunch » March 14th, 2016, 3:49 am

Please note that Malware Removal is currently experiencing issues with our email notifications.
For the time being you will not receive an email when I reply to your topic. Because of this please try to check this topic at least once a day for new replies. I will inform you when the email notifications are working again.

The FRST logs that you posted are several weeks old and I need to see what is currently going on with your machine.

Revised FRST Scan
  • Please delete any copies of FRST64.exe that you have. Download the current version HERE and save it to your Desktop.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 14th, 2016, 10:43 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Kevin (administrator) on DESKTOP-O508F63 (14-03-2016 10:40:14)
Running from C:\Users\Kevin\Downloads
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.17801.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)
HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\MountPoints2: {7560bf60-e107-11e5-95cd-d07e35095839} - "D:\setup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1eebd50f-90d3-456b-8e45-267cf54c0d02}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k3d8r146.default
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-01] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [43704 2015-11-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-12] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 10:38 - 2016-03-14 10:38 - 02374144 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (2).exe
2016-03-14 10:37 - 2016-03-14 10:37 - 02374144 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64 (1).exe
2016-03-12 17:55 - 2016-03-12 17:56 - 05658088 _____ (Swearware) C:\Users\Kevin\Downloads\ComboFix.exe
2016-03-12 17:53 - 2016-03-12 18:13 - 28777312 _____ (Adlice Software ) C:\Users\Kevin\Downloads\setup.exe
2016-03-12 17:53 - 2016-03-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-12 17:53 - 2016-03-12 18:13 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-12 17:49 - 2016-03-12 18:19 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 17:49 - 2016-03-12 17:49 - 01524224 _____ C:\Users\Kevin\Downloads\adwcleaner_5.101.exe
2016-03-09 15:26 - 2016-03-09 15:26 - 00003336 _____ C:\WINDOWS\System32\Tasks\{698BAA7A-ED3A-48AD-9BEC-9C86CF50A2C3}
2016-03-08 17:37 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 17:37 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 17:37 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 17:37 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 17:37 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 17:37 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 17:37 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 17:37 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 17:37 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 17:37 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 17:37 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 17:37 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 17:37 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 17:37 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 17:37 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 17:37 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 17:37 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 17:37 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 17:37 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 17:37 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 17:37 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 17:37 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 17:37 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 17:37 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 17:37 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 17:37 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 17:37 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 17:37 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 17:37 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 17:37 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 17:37 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 17:37 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 17:37 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 17:37 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 17:37 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 17:37 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 17:37 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 17:37 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 17:37 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 17:37 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 17:37 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 17:37 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 17:37 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 17:37 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 17:37 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 17:37 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 17:37 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 17:37 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 17:37 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 17:37 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 17:37 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 17:37 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 17:37 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 17:37 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 17:37 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 17:37 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 17:37 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 17:37 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 17:37 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 17:37 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 17:37 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 17:37 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 17:37 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 17:37 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 17:37 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 17:37 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 17:37 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 17:37 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 17:37 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 17:37 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 17:37 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 17:37 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 17:37 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 17:37 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 17:37 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 17:37 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 17:37 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 17:37 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 17:37 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 17:37 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 17:37 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 17:37 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 17:37 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 17:37 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 17:37 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 17:37 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 17:37 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 17:37 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 17:37 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 17:37 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 17:37 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 17:37 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 17:37 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 17:37 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 17:37 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 17:37 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 17:37 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 17:37 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 17:37 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 17:37 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 17:37 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 17:37 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 17:37 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 17:37 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 17:37 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 17:37 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 17:37 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 17:37 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 17:37 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 17:37 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 17:37 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 17:37 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 17:36 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 17:36 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 17:36 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 17:36 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 17:36 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 17:36 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 17:36 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 17:36 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 17:36 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 17:36 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 17:36 - 2016-02-24 03:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-08 17:36 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 17:36 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 17:36 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 17:36 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 17:36 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 17:36 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 17:36 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 17:36 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 17:36 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 17:36 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 17:36 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 17:36 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 17:36 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 17:36 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 17:36 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 17:36 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 17:36 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 17:36 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 17:36 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 17:36 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 17:36 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 17:36 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 17:36 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 17:36 - 2016-02-24 02:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-08 17:36 - 2016-02-24 02:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-08 17:36 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 17:36 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 17:36 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 17:36 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 17:36 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 17:36 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 17:36 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 17:36 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 11:14 - 2016-03-08 11:14 - 00018869 _____ C:\Users\Kevin\Downloads\The+Weekend+-+Acquainted+(slowed+Pitch+Corrected).html
2016-03-05 17:52 - 2016-03-05 17:52 - 00000000 ____D C:\Users\Kevin\Documents\TurboTax
2016-03-05 17:52 - 2016-03-05 17:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\Intuit
2016-03-05 17:50 - 2016-03-05 17:50 - 00000000 ____D C:\Users\Kevin\AppData\Local\IsolatedStorage
2016-03-05 17:49 - 2016-03-05 17:52 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Intuit
2016-03-05 17:48 - 2016-03-05 17:49 - 00000319 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-05 17:48 - 2016-03-05 17:48 - 00002531 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-05 17:48 - 2016-03-05 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-05 17:47 - 2016-03-05 17:47 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-03-05 17:45 - 2016-03-05 17:48 - 00000000 ____D C:\ProgramData\Intuit
2016-03-03 13:27 - 2016-03-03 13:27 - 21428513 _____ C:\Users\Kevin\Downloads\7-01sc-fall-2011.zip
2016-03-03 02:15 - 2016-03-03 02:15 - 00000000 ____D C:\Users\Kevin\AppData\Local\Foxit Reader
2016-03-02 16:08 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 16:08 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 16:08 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 16:08 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 16:08 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 16:08 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 16:08 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 16:08 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 16:08 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 16:08 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 16:08 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 16:08 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 16:08 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 16:08 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 16:08 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 16:08 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 16:08 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 16:08 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 16:08 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 16:08 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 16:08 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 16:08 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 16:08 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 16:08 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 16:08 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 16:08 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 16:08 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 16:08 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 16:08 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 16:08 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 16:08 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 16:08 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 16:08 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 16:08 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 16:08 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 16:08 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 16:08 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 16:08 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 16:08 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 16:08 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 16:08 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 16:08 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 16:08 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 16:08 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 16:08 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 16:08 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 16:08 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 16:08 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 16:08 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 16:08 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 16:08 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 16:08 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 16:08 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 16:08 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 16:08 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 16:08 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 16:08 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 16:07 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 16:07 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 16:07 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 16:07 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 16:07 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 16:07 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 16:07 - 2016-02-23 07:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 16:07 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 16:07 - 2016-02-23 06:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 16:07 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 16:07 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 16:07 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 16:07 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 16:07 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 16:07 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 16:07 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 16:07 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 16:07 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 16:07 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 16:07 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 16:07 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 16:07 - 2016-02-23 05:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 16:07 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 16:07 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 16:07 - 2016-02-23 05:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 16:07 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 16:07 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 16:07 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 16:07 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 16:07 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 16:07 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 16:07 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 16:07 - 2016-02-23 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 16:07 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 16:07 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 16:07 - 2016-02-23 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 16:07 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 16:07 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 16:07 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 16:07 - 2016-02-23 04:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 16:07 - 2016-02-23 04:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 16:07 - 2016-02-23 04:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 16:07 - 2016-02-23 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 16:07 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 16:07 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 16:07 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 16:07 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 16:07 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 16:07 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 16:07 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 16:07 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 16:07 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 16:07 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 16:07 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 16:07 - 2016-02-23 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 16:07 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 16:07 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 16:07 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 16:07 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 16:07 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 16:07 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 16:07 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 16:07 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 16:07 - 2016-02-23 04:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 16:07 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 16:07 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 16:07 - 2016-02-23 04:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 16:07 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 16:07 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 16:07 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 16:07 - 2016-02-23 04:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 16:07 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 16:07 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 16:07 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 16:07 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 16:07 - 2016-02-23 04:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 16:07 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 16:07 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 16:07 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 16:07 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 16:07 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 16:07 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 16:07 - 2016-02-23 03:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 16:07 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 16:07 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 16:07 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 16:07 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 16:07 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 16:07 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 16:07 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 16:07 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 16:07 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 16:07 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 16:07 - 2016-02-23 03:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 16:07 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 16:07 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 16:07 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 16:07 - 2016-02-23 03:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 16:07 - 2016-02-23 03:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 16:07 - 2016-02-23 03:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 16:07 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 16:07 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 16:07 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 16:07 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 16:07 - 2016-02-23 03:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 16:07 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 16:07 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 16:07 - 2016-02-23 03:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 16:07 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 16:07 - 2016-02-23 02:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 16:07 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 16:07 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 16:07 - 2016-02-23 02:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 16:07 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 16:07 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 16:07 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 16:07 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 16:07 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 16:07 - 2016-02-09 00:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 16:07 - 2016-02-09 00:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 16:07 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 16:07 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 16:07 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-29 00:26 - 2016-02-29 00:30 - 165793530 _____ C:\Users\Kevin\Downloads\0153_05_big.mp4
2016-02-29 00:20 - 2016-02-29 00:30 - 157975535 _____ C:\Users\Kevin\Downloads\0159_01_big.mp4
2016-02-29 00:05 - 2016-02-29 00:11 - 180108628 _____ C:\Users\Kevin\Downloads\0163_01_big.mp4
2016-02-28 23:57 - 2016-02-29 00:05 - 201627410 _____ C:\Users\Kevin\Downloads\0136_02_big.mp4
2016-02-28 23:54 - 2016-02-28 23:59 - 162595450 _____ C:\Users\Kevin\Downloads\0168_07_big.mp4
2016-02-28 23:47 - 2016-02-29 00:05 - 245728463 _____ C:\Users\Kevin\Downloads\0136_03_big.mp4
2016-02-28 23:45 - 2016-02-29 00:04 - 239956752 _____ C:\Users\Kevin\Downloads\0136_05_big.mp4
2016-02-28 23:39 - 2016-02-28 23:54 - 205677896 _____ C:\Users\Kevin\Downloads\0446_04_big.mp4
2016-02-28 23:32 - 2016-02-28 23:45 - 200341854 _____ C:\Users\Kevin\Downloads\0444_05_big.mp4
2016-02-28 23:30 - 2016-02-28 23:40 - 133948963 _____ C:\Users\Kevin\Downloads\0444_04_big.mp4
2016-02-28 23:24 - 2016-02-28 23:36 - 149156615 _____ C:\Users\Kevin\Downloads\0447_04_big.mp4
2016-02-27 21:21 - 2016-02-27 21:21 - 00000000 ____D C:\ProgramData\Nexon
2016-02-27 12:24 - 2016-02-27 12:24 - 00003336 _____ C:\WINDOWS\System32\Tasks\{01CFDB50-A5F5-4ED5-9197-C0F8622ED655}
2016-02-25 22:53 - 2016-02-25 22:53 - 00003336 _____ C:\WINDOWS\System32\Tasks\{35696DF7-788C-4F20-A311-4F28FE9F1647}
2016-02-25 18:22 - 2016-02-25 18:22 - 00000000 ____D C:\ProgramData\Sophos
2016-02-24 22:26 - 2016-02-24 22:26 - 00006012 _____ C:\Users\Kevin\Downloads\getdl2.htm
2016-02-23 12:15 - 2016-02-23 12:15 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-02-23 12:15 - 2016-02-23 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-02-23 12:15 - 2016-02-23 12:15 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-02-23 12:12 - 2016-02-25 18:21 - 143777728 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool.exe
2016-02-21 15:06 - 2016-03-14 10:40 - 00009175 _____ C:\Users\Kevin\Downloads\FRST.txt
2016-02-21 15:06 - 2016-02-21 15:06 - 00019828 _____ C:\Users\Kevin\Downloads\Addition.txt
2016-02-21 15:05 - 2016-03-14 10:40 - 00000000 ____D C:\FRST
2016-02-21 15:05 - 2016-02-21 15:05 - 02371072 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2016-02-21 14:49 - 2016-02-21 14:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-21 14:49 - 2016-02-21 14:49 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-21 14:49 - 2016-02-21 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-21 14:49 - 2016-02-21 14:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-21 14:48 - 2016-02-21 14:49 - 11443792 _____ (SurfRight B.V.) C:\Users\Kevin\Downloads\HitmanPro_x64 (1).exe
2016-02-21 14:45 - 2016-02-21 15:20 - 00000554 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-02-21 14:43 - 2016-02-21 14:43 - 01609216 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT (3).exe
2016-02-21 14:42 - 2016-03-13 20:59 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2016-02-21 14:35 - 2016-03-12 18:11 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-21 14:35 - 2016-02-21 15:19 - 01609216 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT (2).exe
2016-02-21 14:35 - 2016-02-21 14:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-21 14:34 - 2016-02-21 14:53 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller (1).exe
2016-02-21 14:34 - 2016-02-21 14:35 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller (2).exe
2016-02-21 14:32 - 2016-02-21 15:19 - 00000000 _____ C:\Users\Kevin\Downloads\JRT (1).exe
2016-02-21 14:30 - 2016-02-21 14:53 - 00002872 _____ C:\Users\Kevin\Desktop\Rkill.txt
2016-02-21 14:29 - 2016-02-21 14:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe
2016-02-21 14:29 - 2016-02-21 14:29 - 00000000 _____ C:\Users\Kevin\Downloads\JRT.exe
2016-02-21 14:28 - 2016-02-21 14:43 - 00000000 ____D C:\AdwCleaner
2016-02-20 04:46 - 2016-02-20 04:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-19 23:30 - 2015-12-08 23:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-02-19 23:28 - 2016-03-09 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-19 23:28 - 2016-03-09 17:56 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-19 21:52 - 2016-02-19 21:52 - 00000000 ____D C:\Users\Kevin\Documents\League of Legends
2016-02-19 21:45 - 2016-02-19 21:45 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\LolClient
2016-02-19 16:29 - 2016-02-19 16:29 - 00000000 ____D C:\ProgramData\Riot Games
2016-02-19 16:28 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-02-19 16:28 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-02-19 16:28 - 2008-07-12 09:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-02-19 16:28 - 2008-07-12 09:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-02-19 16:28 - 2008-07-12 09:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-02-19 16:27 - 2016-02-19 16:27 - 00000000 ____D C:\Riot Games
2016-02-19 16:27 - 2016-02-19 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-19 16:26 - 2016-02-19 16:28 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Riot Games
2016-02-19 16:26 - 2016-02-19 16:26 - 27864920 _____ (Riot Games) C:\Users\Kevin\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2016-02-19 13:23 - 2016-02-19 13:23 - 00000000 ____D C:\Users\Kevin\AppData\Local\PeerDistRepub
2016-02-19 01:53 - 2016-02-19 01:53 - 00000000 ____D C:\Users\Kevin\Documents\My Games
2016-02-19 01:52 - 2016-02-19 01:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-19 01:52 - 2016-02-19 01:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-19 01:52 - 2016-02-19 01:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-02-19 01:52 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-02-19 01:52 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-02-19 01:52 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-02-19 01:52 - 2010-06-02 05:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-02-19 01:52 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-02-19 01:52 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-02-19 01:52 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-02-19 01:52 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-02-19 01:52 - 2007-04-04 19:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-02-19 01:52 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-02-19 01:52 - 2007-04-04 19:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-02-19 01:52 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-02-19 01:52 - 2007-03-15 17:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-02-19 01:52 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-02-19 01:52 - 2007-03-12 17:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-02-19 01:52 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-02-19 01:52 - 2007-03-12 17:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-02-19 01:52 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-02-19 01:52 - 2007-03-05 13:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-02-19 01:52 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-02-19 01:26 - 2016-02-19 01:26 - 00000000 ____D C:\Users\Kevin\AppData\Local\Comms
2016-02-19 01:12 - 2016-03-12 18:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-19 01:12 - 2016-02-18 22:32 - 00000000 ____D C:\Users\Kevin\AppData\Local\MicrosoftEdge
2016-02-19 01:11 - 2016-03-09 21:49 - 00002367 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-19 01:11 - 2016-03-09 21:49 - 00000000 ___RD C:\Users\Kevin\OneDrive
2016-02-19 01:11 - 2016-02-19 01:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\ActiveSync
2016-02-19 01:10 - 2016-02-19 01:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-19 01:09 - 2016-03-12 18:16 - 00000000 __SHD C:\Users\Kevin\IntelGraphicsProfiles
2016-02-19 01:09 - 2016-03-08 01:36 - 00000000 ____D C:\Users\Kevin
2016-02-19 01:09 - 2016-03-03 12:00 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-19 01:09 - 2016-02-19 01:09 - 00000020 ___SH C:\Users\Kevin\ntuser.ini
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 _SHDL C:\Users\Kevin\My Documents
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Videos
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Pictures
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 _SHDL C:\Users\Kevin\Documents\My Music
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Adobe
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\VirtualStore
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\TileDataLayer
2016-02-19 01:09 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\Publishers
2016-02-19 01:09 - 2016-02-19 00:47 - 00000000 ____D C:\Users\Kevin\AppData\Local\Packages
2016-02-19 01:08 - 2015-10-30 03:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-19 01:07 - 2016-02-19 01:07 - 00000000 ____D C:\ProgramData\USOShared
2016-02-19 01:06 - 2016-03-12 18:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\Default User
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Users\All Users
2016-02-19 01:06 - 2016-02-19 01:06 - 00000000 _SHDL C:\Documents and Settings
2016-02-19 01:05 - 2016-03-12 18:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-19 01:05 - 2016-02-19 01:08 - 00000000 ____D C:\Intel
2016-02-19 01:05 - 2016-02-19 01:05 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-02-19 01:05 - 2016-02-19 01:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-02-19 01:05 - 2016-02-19 01:05 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-02-19 01:05 - 2016-02-19 01:05 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-02-19 01:05 - 2016-02-19 01:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-19 01:05 - 2016-02-19 01:05 - 00000000 ____D C:\Program Files\Realtek
2016-02-19 01:05 - 2015-11-16 21:59 - 00092656 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-19 01:04 - 2016-03-10 13:03 - 00203104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-19 01:04 - 2016-02-19 01:04 - 00000000 ____D C:\Program Files\Intel
2016-02-19 01:04 - 2015-07-22 21:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-02-19 01:04 - 2015-07-22 21:10 - 00579912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-02-19 01:04 - 2015-07-22 00:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-02-19 01:03 - 2016-02-19 01:03 - 00000000 _____ C:\Recovery.txt
2016-02-19 00:30 - 2016-02-19 01:08 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-19 00:30 - 2016-02-19 00:30 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-19 00:29 - 2016-02-19 00:29 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-19 00:28 - 2016-02-19 00:28 - 00000000 ____D C:\WINDOWS\Setup
2016-02-19 00:28 - 2016-02-19 00:28 - 00000000 ____D C:\Program Files\Synaptics
2016-02-19 00:27 - 2016-02-19 00:27 - 00000000 ____D C:\WINDOWS\OCR
2016-02-19 00:27 - 2016-02-19 00:27 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-19 00:27 - 2016-02-19 00:27 - 00000000 ____D C:\Program Files\MSBuild
2016-02-19 00:27 - 2016-02-19 00:27 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-19 00:27 - 2016-02-19 00:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\0409
2016-02-19 00:26 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-19 00:25 - 2016-03-08 03:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-19 00:25 - 2016-03-08 03:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-19 00:24 - 2016-03-12 13:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-19 00:24 - 2016-03-11 13:13 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-19 00:24 - 2016-03-10 02:15 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-19 00:24 - 2016-03-10 02:15 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-19 00:24 - 2016-03-10 02:15 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-19 00:24 - 2016-03-10 02:15 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-19 00:24 - 2016-03-03 02:30 - 00000000 ____D C:\WINDOWS\rescache
2016-02-19 00:24 - 2016-03-03 02:16 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 __RSD C:\WINDOWS\Media
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-19 00:24 - 2016-03-03 02:15 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-19 00:24 - 2016-02-20 04:31 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-19 00:24 - 2016-02-20 04:31 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-19 00:24 - 2016-02-20 04:31 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-19 00:24 - 2016-02-20 04:31 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-19 00:24 - 2016-02-19 11:57 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-19 00:24 - 2016-02-19 01:52 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-19 00:24 - 2016-02-19 01:51 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-19 00:24 - 2016-02-19 01:25 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-19 00:24 - 2016-02-19 01:09 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-19 00:24 - 2016-02-19 01:09 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-19 00:24 - 2016-02-19 01:09 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-19 00:24 - 2016-02-19 01:08 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-19 00:24 - 2016-02-19 01:08 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-19 00:24 - 2016-02-19 01:07 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-19 00:24 - 2016-02-19 01:06 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-19 00:24 - 2016-02-19 01:06 - 00000000 ____D C:\WINDOWS\CSC
2016-02-19 00:24 - 2016-02-19 01:04 - 00000000 ____D C:\WINDOWS\Help
2016-02-19 00:24 - 2016-02-19 01:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\IME
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-19 00:24 - 2016-02-19 00:26 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Web
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Vss
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\tracing
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\System
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SKB
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\security
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\schemas
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Resources
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Registration
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\PLA
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Performance
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\Branding
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\addins
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\ProgramData\Comms
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\Program Files\Windows NT
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-19 00:24 - 2016-02-19 00:24 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-19 00:24 - 2016-02-19 00:23 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-19 00:24 - 2016-02-19 00:23 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-19 00:24 - 2016-02-19 00:23 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-19 00:24 - 2016-02-19 00:23 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-19 00:24 - 2016-02-19 00:23 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-19 00:24 - 2016-02-19 00:23 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-19 00:24 - 2016-02-19 00:23 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-19 00:24 - 2016-02-19 00:23 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-19 00:24 - 2016-02-19 00:23 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-19 00:24 - 2016-02-19 00:23 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-19 00:24 - 2016-02-19 00:23 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-19 00:24 - 2016-02-19 00:23 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-19 00:24 - 2016-02-19 00:23 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-19 00:24 - 2016-02-19 00:23 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-19 00:24 - 2016-02-19 00:23 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-19 00:24 - 2016-02-19 00:23 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-19 00:24 - 2016-02-19 00:23 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-19 00:24 - 2016-02-19 00:23 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-19 00:24 - 2016-02-19 00:23 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-19 00:24 - 2016-02-19 00:13 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-19 00:23 - 2016-03-12 18:22 - 00000000 ____D C:\WINDOWS\INF
2016-02-19 00:19 - 2016-03-10 18:48 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-19 00:17 - 2016-03-12 18:16 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-19 00:17 - 2016-02-19 01:06 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-19 00:17 - 2016-02-19 00:26 - 00000000 ____D C:\WINDOWS\servicing
2016-02-19 00:17 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-02-19 00:17 - 2015-10-30 02:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-02-19 00:10 - 2016-02-19 00:10 - 00000000 ____D C:\Users\Kevin\AppData\Local\NetworkTiles
2016-02-18 23:59 - 2016-02-21 14:49 - 11443792 _____ (SurfRight B.V.) C:\Users\Kevin\Downloads\HitmanPro_x64.exe
2016-02-18 23:21 - 2016-02-18 23:21 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-18 23:02 - 2016-02-18 23:02 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-18 23:02 - 2016-02-18 23:02 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-18 23:02 - 2016-02-18 23:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Mozilla
2016-02-18 23:02 - 2016-02-18 23:02 - 00000000 ____D C:\Users\Kevin\AppData\Local\Mozilla
2016-02-18 23:02 - 2016-02-18 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-18 23:02 - 2016-02-18 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-18 23:01 - 2016-02-18 23:01 - 00242080 _____ C:\Users\Kevin\Downloads\Firefox Setup Stub 44.0.2 (1).exe
2016-02-18 23:00 - 2016-02-18 23:00 - 00242080 _____ C:\Users\Kevin\Downloads\Firefox Setup Stub 44.0.2.exe
2016-02-18 22:55 - 2016-02-18 22:56 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Foxit Software
2016-02-18 22:55 - 2016-02-18 22:55 - 00001428 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-02-18 22:55 - 2016-02-18 22:55 - 00000000 ____D C:\Users\Public\Foxit Software
2016-02-18 22:55 - 2016-02-18 22:55 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Foxit AgentInformation
2016-02-18 22:55 - 2016-02-18 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-02-18 22:55 - 2016-02-18 22:55 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-02-18 22:53 - 2016-02-18 22:54 - 43048592 _____ (Foxit Software Inc. ) C:\Users\Kevin\Downloads\FoxitReader73_enu_Setup_Prom.exe
2016-02-18 22:52 - 2016-02-18 22:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\Steam
2016-02-18 22:52 - 2016-02-18 22:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\CEF
2016-02-18 22:50 - 2016-03-13 20:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-18 22:50 - 2016-02-18 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-18 22:49 - 2016-02-18 22:49 - 01380712 _____ C:\Users\Kevin\Downloads\SteamSetup.exe
2016-02-18 22:44 - 2016-02-18 22:48 - 295249739 _____ C:\Users\Kevin\Downloads\CB10h-Edition.pdf
2016-02-18 22:42 - 2016-03-10 18:33 - 20945480 _____ C:\Users\Kevin\Downloads\RogueKiller.exe
2016-02-18 22:38 - 2016-03-08 22:44 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 22:38 - 2016-03-08 22:44 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 22:37 - 2016-03-14 09:42 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 22:37 - 2016-03-12 22:42 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 22:37 - 2016-02-19 15:01 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google
2016-02-18 22:37 - 2016-02-18 22:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-18 22:37 - 2016-02-18 22:37 - 00987728 _____ (Google Inc.) C:\Users\Kevin\Downloads\ChromeSetup.exe
2016-02-18 22:37 - 2016-02-18 22:37 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-18 22:37 - 2016-02-18 22:37 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-18 22:33 - 2016-02-18 22:33 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Macromedia
2016-02-18 21:15 - 2016-02-19 01:03 - 00000000 ___HD C:\$SysReset

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2016-02-19 01:05 - 2016-02-19 01:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-05 17:48 - 2016-03-05 17:49 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-11 01:34

==================== End of FRST.txt ============================
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 14th, 2016, 10:46 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Kevin (2016-03-14 10:45:21)
Running from C:\Users\Kevin\Downloads
Windows 10 Pro Version 1511 (X64) (2016-02-19 05:08:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2927064332-1517903795-2755176479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2927064332-1517903795-2755176479-503 - Limited - Disabled)
Guest (S-1-5-21-2927064332-1517903795-2755176479-501 - Limited - Disabled)
Kevin (S-1-5-21-2927064332-1517903795-2755176479-1001 - Administrator - Enabled) => C:\Users\Kevin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
MapleStory (HKLM-x32\...\Steam App 216150) (Version: - Nexon)
Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2927064332-1517903795-2755176479-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {148C98A4-70EE-4D82-9CA2-A872ACC8C726} - System32\Tasks\{01CFDB50-A5F5-4ED5-9197-C0F8622ED655} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {66DC298C-6CF2-4C8B-8E56-89CA40E7EABE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {76DC4309-75EF-4F5B-9B34-2C2D4AED8017} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {9C5ABE56-7707-4DAE-AAD4-28A27E057F52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {A4A8628E-3033-4EF5-B9E0-D9CD7C62E379} - System32\Tasks\{698BAA7A-ED3A-48AD-9BEC-9C86CF50A2C3} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {EB83B838-6799-4D6A-8448-DA2C97437310} - System32\Tasks\{35696DF7-788C-4F20-A311-4F28FE9F1647} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-02 16:08 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 16:08 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-18 22:50 - 2016-02-18 22:51 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 00:48 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 16:07 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-02 16:07 - 2016-02-23 04:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-03-10 13:10 - 2016-03-10 13:10 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-01-13 01:29 - 2016-01-04 21:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 01:29 - 2016-01-04 21:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 12:59 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 12:59 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-13 01:29 - 2016-01-04 21:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-19 01:04 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-18 22:50 - 2016-02-18 22:51 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-18 22:50 - 2016-02-18 22:51 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-18 22:51 - 2016-02-09 21:17 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-18 22:51 - 2016-03-10 15:02 - 02547792 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-18 22:51 - 2016-03-10 15:02 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:10 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-18 22:51 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-02-18 22:51 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-19 00:24 - 2016-02-19 00:23 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7E89E6FD-F468-443C-B77A-D5F03C3EE96A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F8508BD-8069-454E-B94B-21CC8EE0D9D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1466C49A-7DB6-490B-B13B-05D9F123E555}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F5EE0ED-E61B-414A-A33D-9828BE5DE1A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3266C899-EB03-45B6-B8AB-92E49AD828A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EAA0BFB-6F1D-4025-9FAC-34F638996FFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A06F5FA7-0ABD-4771-B36F-D0378619498C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{421B5462-1187-40CF-BF6B-87631FF28A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{A6099073-10B4-47E0-A52F-1F2FCFD6AE55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{2DB32D3C-7A9A-4693-9CA6-6E9C285B67AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{3483A4AD-FC79-444D-BB93-D524C0EFC3D1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{5D80775F-B36A-43B0-9A76-0F7C531C1985}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{739D37C2-0DF7-4678-8277-FBF82947C0B0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B97BFE56-91C2-4643-ACBD-E1645D5226BB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C7B768BD-A661-4B5C-BCAD-C8214F17E47E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1C9DA093-5ADE-4ADC-979C-5D90D2042B92}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AC8736C0-0AE1-4F75-92A2-0A70CEAC6BB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-03-2016 13:32:42 Scheduled Checkpoint
05-03-2016 17:47:30 Installed TurboTax 2015 wrapper
09-03-2016 17:55:26 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 11:01:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FoxitReader.exe version 7.3.0.118 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 28d0

Start Time: 01d17d6c0bf7c055

Termination Time: 11

Application Path: C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe

Report Id: 126dc0fc-e991-11e5-95d2-d07e35095839

Faulting package full name:

Faulting package-relative application ID:

Error: (03/13/2016 09:00:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O508F63)
Description: Activation of app DCAC6496.ABCAllAccess_1fer1pwj5qrrg!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/13/2016 09:00:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O508F63)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/13/2016 09:00:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O508F63)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/13/2016 09:00:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O508F63)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/13/2016 08:59:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MapleStory.exe, version: 8.171.1.1, time stamp: 0x56dd0be3
Faulting module name: MapleStory.exe, version: 8.171.1.1, time stamp: 0x56dd0be3
Exception code: 0xc0000005
Fault offset: 0x007e7090
Faulting process id: 0xed0
Faulting application start time: 0xMapleStory.exe0
Faulting application path: MapleStory.exe1
Faulting module path: MapleStory.exe2
Report Id: MapleStory.exe3
Faulting package full name: MapleStory.exe4
Faulting package-relative application ID: MapleStory.exe5

Error: (03/12/2016 10:09:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1498
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (03/12/2016 09:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MapleStory.exe, version: 8.171.1.1, time stamp: 0x56dd0be3
Faulting module name: MapleStory.exe, version: 8.171.1.1, time stamp: 0x56dd0be3
Exception code: 0xc0000005
Fault offset: 0x007e7090
Faulting process id: 0x1b68
Faulting application start time: 0xMapleStory.exe0
Faulting application path: MapleStory.exe1
Faulting module path: MapleStory.exe2
Report Id: MapleStory.exe3
Faulting package full name: MapleStory.exe4
Faulting package-relative application ID: MapleStory.exe5

Error: (03/12/2016 05:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.122, time stamp: 0x56cbff21
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x56cbf6fe
Exception code: 0xc0000005
Fault offset: 0x00000000000780b7
Faulting process id: 0xadc
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (03/12/2016 12:33:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x14f0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5


System errors:
=============
Error: (03/14/2016 09:51:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/14/2016 01:32:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/14/2016 01:20:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/13/2016 09:01:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/13/2016 09:00:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O508F63)
Description: App.AppX5y532zn4yyrmwwv2a3276g9z5qz4vwfn.mca

Error: (03/13/2016 09:00:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O508F63)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (03/13/2016 09:00:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O508F63)
Description: App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca

Error: (03/13/2016 09:00:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O508F63)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (03/13/2016 09:00:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_3fbf6 service to connect.

Error: (03/13/2016 09:00:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O508F63)
Description: {0002DF02-0000-0000-C000-000000000046}


CodeIntegrity:
===================================
Date: 2016-03-12 17:44:19.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-12 12:36:33.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 18:07:45.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-11 12:12:23.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 17:48:47.516
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-10 12:03:25.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 16:55:20.095
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-03 01:27:08.408
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-03 01:16:39.251
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-01 12:28:59.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 8104.27 MB
Available physical RAM: 5670.31 MB
Total Virtual: 9768.27 MB
Available Virtual: 6874.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.92 GB) (Free:174.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: D7916CC8)

Partition: GPT.

==================== End of Addition.txt ============================
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby capnkrunch » March 14th, 2016, 11:44 pm

Hello tanhed123 :)

As you probably noticed email notifcations are working again. You do not need to check this topic until you receive an email. I think they were probably working at the time I posted so I apologize for any confusion my notice may have caused.

ComboFix Warning
I see that you have downloaded ComboFix. It will not run on Windows 10 but this warning is for your future reference as well as anyone else watching this thread.

ComboFix is a very powerful tool and misuse may damage your computer even rendering it unbootable. As such it should only be run when requested by a trained helper. The author, sUBs, includes a disclaimer stating this on the download page.

Downloading Multiple Copies of Tools Warning
You need to pay closer attention to my instructions, not following them to the letter could potentially damage your computer. The problem is rather minor this time but may not be in the future. I told you to delete any copies of FRST64.exe prior to downloading a new copy. You did not and downloaded it twice.

This has resulted in three differently named copies of FRST which potentially confuses things as we need to keep track of which copy is the up to date one that we are using. In your logs I noticed that several other tools you ran were also downloaded multiple times which creates the same problem.

My instructions this time will ask you to delete all three copies of FRST64 and again download a new copy. This time and for all other tools I ask you to download please be sure to only download them once. This will make things easier for both of us.

Step one...

Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  • Download TCRB from HERE and save it to your Desktop.
  • Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  • Launch TCRB.
  • Click the Backup Registry tab and make sure all the boxes are checked.
  • Click on Backup Now.
  • Once the backup is finished you can now exit the program.

Stop! If you were unable to create a registry backup do not continue any further. Let me know what happened in your reply and I will provide further instructions. If you were successful, continue with the rest of the steps.

Step two...

Do you still have the PDF file that you are suspicious of? If so please I'd like you to upload it to VirusTotal.

Upload Files to VirusTotal
  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to the suspicious PDF file.
  • Click the Scan it! button.
  • You might see a message saying File already analysed, if you do click Reanalyse.
  • Wait for all the scans to finish then copy and paste the web address from your broswer's address bar.
    Example of web address :
    Image
  • Include the link in your next reply.

Step three...

FRST Fix
  • Please delete all three copies of FRST64.exe in your Downloads folder. Download a new one HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\MountPoints2: {7560bf60-e107-11e5-95cd-d07e35095839} - "D:\setup.exe"
    CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
    
    Folder: C:\ProgramData\RogueKiller\Logs
    Folder: C:\Program Files (x86)\AdwCleaner
    
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step four...

Post Old Logs
  • Please post the following logs:
    C:\Users\Kevin\Desktop\JRT.txt
    C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • For the Sophos log, your computer may ask you to choose a program to open it with. If this happens select Notepad.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • The VirusTotal link
  • Fixlog.txt
  • JRT.txt
  • SophosVirusRemovalTool.log
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 10:25 am

Virustotal could not scan because pdf size was 281 mb
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 10:25 am

Virustotal could not scan because pdf size was 281 mb
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 10:26 am

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Kevin (2016-03-15 10:21:18) Run:2
Running from C:\Users\Kevin\Downloads
Loaded Profiles: Kevin (Available Profiles: Kevin)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\MountPoints2: {7560bf60-e107-11e5-95cd-d07e35095839} - "D:\setup.exe"
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]

Folder: C:\ProgramData\RogueKiller\Logs
Folder: C:\Program Files (x86)\AdwCleaner

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns


*****************

Restore point was successfully created.
"HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7560bf60-e107-11e5-95cd-d07e35095839}" => key removed successfully
HKCR\CLSID\{7560bf60-e107-11e5-95cd-d07e35095839} => key not found.
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully

========================= Folder: C:\ProgramData\RogueKiller\Logs ========================

2016-02-21 14:41 - 2016-02-21 14:41 - 0033022 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_02212016_134106.json
2016-02-21 14:40 - 2016-02-21 14:40 - 0033020 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02212016_134027.json
2016-02-21 14:53 - 2016-02-21 14:53 - 0000000 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02212016_135327.json
2016-02-21 14:57 - 2016-02-21 14:57 - 0022871 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02212016_135701.json
2016-03-12 18:04 - 2016-03-12 18:04 - 0036791 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_03122016_170447.json

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\AdwCleaner ========================

2016-03-12 17:49 - 2016-03-12 17:49 - 0840704 _____ () C:\Program Files (x86)\AdwCleaner\adwcleaner.db
2016-03-12 17:50 - 2016-03-12 17:50 - 0001205 _____ () C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt
2016-03-12 17:49 - 2016-03-12 17:49 - 0001010 _____ () C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt
2016-03-12 18:19 - 2016-03-12 18:19 - 0000982 _____ () C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt
2016-03-12 17:49 - 2016-03-12 18:19 - 0000074 _____ () C:\Program Files (x86)\AdwCleaner\settings.ini
2016-03-12 17:49 - 2016-03-12 17:49 - 0000000 ____D () C:\Program Files (x86)\AdwCleaner\FileQuarantine
2016-03-12 17:49 - 2016-03-12 17:49 - 0000000 ____D () C:\Program Files (x86)\AdwCleaner\RegistryQuarantine

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 10:27 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x64
Ran by Kevin (Administrator) on Sun 02/21/2016 at 14:19:58.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/21/2016 at 14:20:57.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 10:31 am

I do not have the Sophos log, but I do know that there was only one thing they detected and that was just my game, it is not a virus
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby capnkrunch » March 15th, 2016, 10:57 pm

Hello tanhed123 :)

tanhed123 wrote:Virustotal could not scan because pdf size was 281 mb

That is a sign that it is probably not malicious. Most of the time PDFs that are used to spread malware are very small as it only needs to be one page to make it look like a real document and a bit of malicious code.

tanhed123 wrote:I do not have the Sophos log, but I do know that there was only one thing they detected and that was just my game, it is not a virus

Thanks for letting me know, that's all I really needed from the Sophos log.

Step one...

Post Old Logs
  • Open RogueKiller and click on the HISTORY tab.
  • Double-click the Delete log.
  • In the new window that opens click the Open TXT button.
  • This will open a log in Notepad. Copy and paste the contents in your reply.
  • Navigate to C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt.
  • Double-click to open it and copy and paste the contents in your reply.

Step two...

Malwarebytes Anti-Malware (MBAM) Scan
  • Please download Malwarebytes Anti-Malware.
  • Double-click the mbam-setup-*version*.exe file and follow any prompts to install MBAM. Before you click Finish ensure that Lauch Malwarebytes Anti-Malware is checked.
  • When MBAM launches all it to update its databases if prompted. You will need to be connected to the internet for this.
  • Click Scan Now. MBAM will proceed to scan your computer.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Save Results >> in the bottom right corner and select Copy to Clipboard. Paste the results in your next reply.
    The log file can also be found at C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs. Look for the one with the current date and time.

Step three...

ESET Online Scanner
NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
  • First please disable any antivirus you have active, as shown in this topic.
  • Close all open programs and windows.
  • Open your browser by right clicking and selecting Run as administrator.
  • Go to the ESET Online Scanner site.
  • Click on the green Run ESET Online Scanner button.
    • If using Firefox or Chrome, you will need to download a small utility.
    • Right click esetsmartinstaller_enu.exe and select Run as administrator.
  • Check the box to agree to the terms of use and click Start.
    • If using Internet Explorer, click Install when prompted to install the add-on.
  • Check Enable detection of of potentially unwanted applications.
  • Click Advanced settings.
  • UNCHECK Remove found threats.
  • Ensure the following are checked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes press the text: Image
  • Press the text: Image then save the file to your desktop as ESETScan.txt.
  • Press the Back button then press the Finish button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • The RogueKiller log
  • Adwcleaner[C1].txt
  • The MBAM log
  • ESETScan.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Graduate
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 15th, 2016, 11:53 pm

# AdwCleaner v5.101 - Logfile created 12/03/2016 at 16:50:04
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Kevin - DESKTOP-O508F63
# Running from : C:\Users\Kevin\Downloads\adwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 16th, 2016, 12:02 am

alwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2016
Scan Time: 11:57 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.16.01
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333260
Time Elapsed: 3 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm

Re: I think theres a virus on my comp?

Unread postby tanhed123 » March 16th, 2016, 12:29 am

I could not see a list of found threats link to click on, but there were no found threats on eset scanner
tanhed123
Regular Member
 
Posts: 16
Joined: March 9th, 2016, 9:53 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware