PUA.Packed.Armadillo, Trojan.Win32.Generic!BT, Win32.Troj.DeepScan.a.(kcloud)


  • This topic is locked
20 replies to this topic

#1 gatsby0121

Posted 04 April 2015 - 04:16 PM

I ran a suspicious file (I know, stupid of me).

At any rate, when I uploaded to VirusTotal and a couple other sites, it came back with around 18% of the scanners finding a potential threat.

Some of the possible names are in the post title. I'm not seeing any unusual activity, just the scanner reports.

Thanks for any help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User1 (administrator) on User1S_PC on 04-04-2015 16:01:38
Running from C:\Users\User1\Downloads
Loaded Profiles: User1 (Available profiles: User1)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\User1\Downloads\OTL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-10-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-10-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [405504 2014-09-01] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-23] (Valve Corporation)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [GoogleChromeAutoLaunch_F9ED55245D765556EF1C4893715EB667] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{5B62C353-75A3-463F-A52E-CC005846F3CE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKU\S-1-5-21-2210691698-2314399949-2102214088-1001 -> DefaultScope {CC073604-8A13-499F-AB99-00CAA6BC5B0E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-03] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-03] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn [2015-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-03]
 
Chrome: 
=======
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Google Search) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Bookmark Manager) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\Exts\Chrome.crx [2015-04-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [305664 2014-08-11] (Qualcomm Atheros) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-10-20] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-20] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-09-01] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362056 2014-11-18] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-10-20] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-10-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-10-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-08-13] (Qualcomm Atheros, Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-04-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-03] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150403.001\IDSvia64.sys [671448 2015-04-01] (Symantec Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150403.019\ENG64.SYS [129752 2015-04-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150403.019\EX64.SYS [2137304 2015-04-03] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-20] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-10-20] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-10-20] (NVIDIA Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2214400 2014-08-12] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-10-20] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSP64.SYS [854616 2013-07-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1500000.064\SYMNETS.SYS [590424 2013-07-30] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-10-20] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 16:01 - 2015-04-04 16:01 - 02095616 _____ (Farbar) C:\Users\User1\Downloads\FRST64.exe
2015-04-04 16:01 - 2015-04-04 16:01 - 00021131 _____ () C:\Users\User1\Downloads\FRST.txt
2015-04-04 16:01 - 2015-04-04 16:01 - 00000000 ____D () C:\FRST
2015-04-04 15:51 - 2015-04-04 16:01 - 00238372 _____ () C:\Users\User1\Downloads\OTL.Txt
2015-04-04 15:51 - 2015-04-04 16:01 - 00084126 _____ () C:\Users\User1\Downloads\Extras.Txt
2015-04-04 15:46 - 2015-04-04 15:46 - 00602112 _____ (OldTimer Tools) C:\Users\User1\Downloads\OTL.exe
2015-04-04 15:11 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Autodesk Navisworks Manage 2013
2015-04-04 15:11 - 2015-04-04 15:16 - 00000000 ____D () C:\ProgramData\Autodesk Navisworks Manage 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\Users\User1\AppData\Roaming\NVIDIA
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Autodesk Navisworks Freedom 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\ProgramData\Navisworks 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\ProgramData\Autodesk Navisworks Freedom 2013
2015-04-04 15:01 - 2015-04-04 15:01 - 00002076 _____ () C:\Users\Public\Desktop\Navisworks Manage 2013.lnk
2015-04-04 14:59 - 2015-04-04 14:59 - 00002083 _____ () C:\Users\Public\Desktop\Navisworks Freedom 2013.lnk
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-04-03 16:14 - 2015-04-03 16:14 - 00002149 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-04-03 16:11 - 2015-04-03 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2015-04-03 16:07 - 2015-04-03 16:07 - 00124848 _____ () C:\Users\User1\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-03 16:02 - 2015-04-04 15:16 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-03 15:49 - 2015-04-03 15:49 - 00000000 ____D () C:\Users\User1\Downloads\Crack
2015-04-03 15:48 - 2015-04-04 15:08 - 00000000 ____D () C:\Users\User1\AppData\Local\Autodesk
2015-04-03 15:48 - 2015-04-03 15:48 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-03 15:46 - 2015-04-03 15:46 - 00002125 _____ () C:\Users\Public\Desktop\Revit MEP 2013.lnk
2015-04-03 15:46 - 2015-04-03 15:46 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-03 15:44 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-04-03 15:44 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-03 15:44 - 2015-04-03 15:44 - 00000000 ____D () C:\Program Files (x86)\FARO
2015-04-03 15:44 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-04-03 15:44 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-03 15:44 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-03 15:44 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-04-03 15:44 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-03 15:44 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-04-03 15:44 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-03 15:44 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-03 15:44 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-04-03 15:44 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-04-03 15:44 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-04-03 15:44 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-04-03 15:44 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-03 15:44 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-03 15:44 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-04-03 15:44 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-03 15:44 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-04-03 15:44 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-03 15:44 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-04-03 15:44 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-03 15:44 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-04-03 15:44 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-03 15:44 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-04-03 15:44 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-03 15:44 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-04-03 15:44 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-03 15:44 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-04-03 15:44 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-03 15:44 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-04-03 15:44 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-03 15:44 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-04-03 15:44 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-03 15:44 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-04-03 15:44 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-03 15:44 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-04-03 15:44 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-03 15:44 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-04-03 15:44 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-04-03 15:44 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-03 15:44 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-03 15:44 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-04-03 15:44 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-03 15:44 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-04-03 15:44 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-04-03 15:44 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-03 15:44 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-03 15:44 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-04-03 15:44 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-04-03 15:44 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-03 15:44 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-04-03 15:44 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-03 15:44 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-04-03 15:44 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-03 15:44 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-04-03 15:44 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-03 15:44 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-04-03 15:44 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-03 15:44 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-04-03 15:44 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-03 15:44 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-04-03 15:44 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-03 15:44 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-04-03 15:44 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-03 15:44 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-04-03 15:43 - 2015-04-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-03 15:43 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2015-04-03 15:43 - 2015-04-03 15:43 - 00002209 _____ () C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
2015-04-03 15:42 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Autodesk
2015-04-03 15:42 - 2015-04-04 15:11 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-03 14:32 - 2015-04-03 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-03 14:32 - 2015-04-03 14:32 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-03 14:31 - 2015-04-03 14:31 - 01376768 _____ () C:\Users\User1\Downloads\7z920-x64.msi
2015-04-03 14:30 - 2015-04-03 14:30 - 00501363 _____ (Peter B Clements) C:\Users\User1\Downloads\QuickPar-0.9.1.0.exe
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\Program Files (x86)\QuickPar
2015-04-03 14:29 - 2015-04-03 14:29 - 00000000 ____D () C:\Users\User1\AppData\Local\WinZip
2015-04-03 12:34 - 2015-04-04 11:47 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for User1S_PC-User1 User1s_PC
2015-04-03 12:31 - 2015-04-04 11:22 - 00000000 ____D () C:\Users\User1\OneDrive
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Users\User1\AppData\Local\sabnzbd
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Program Files (x86)\SABnzbd
2015-04-03 12:12 - 2015-04-03 12:12 - 10926924 _____ () C:\Users\User1\Downloads\SABnzbd-0.7.20-win32-setup.exe
2015-04-03 12:02 - 2015-04-04 11:22 - 00003106 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2210691698-2314399949-2102214088-1001
2015-04-03 12:02 - 2015-04-03 12:31 - 00000000 ___RD () C:\Users\User1\OneDrive.old
2015-04-03 12:00 - 2015-04-03 17:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-03 12:00 - 2015-04-03 12:00 - 01075384 _____ (Microsoft Corporation) C:\Users\User1\Downloads\Setup.X86.en-US_O365HomePremRetail_218c6700-61ab-40ae-8beb-0e8cb3169572_TX_PR_.exe
2015-04-03 12:00 - 2015-04-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-03 11:40 - 2015-04-03 11:40 - 00002289 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 11:40 - 2015-04-03 11:40 - 00000000 ____D () C:\Users\User1\AppData\Local\Steam
2015-04-03 11:40 - 2015-04-03 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-03 11:39 - 2015-04-04 15:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 11:39 - 2015-04-04 11:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 11:39 - 2015-04-03 11:40 - 00000000 ____D () C:\Users\User1\AppData\Local\Google
2015-04-03 11:39 - 2015-04-03 11:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 11:39 - 2015-04-03 11:39 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 11:39 - 2015-04-03 11:39 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 11:39 - 2015-04-03 11:39 - 00000000 ____D () C:\Users\User1\AppData\Local\Deployment
2015-04-03 11:39 - 2015-04-03 11:39 - 00000000 ____D () C:\Users\User1\AppData\Local\Apps\2.0
2015-04-03 11:38 - 2015-04-03 23:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 11:38 - 2015-04-03 11:38 - 00000989 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-03 11:38 - 2015-04-03 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-03 11:36 - 2015-03-13 14:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-03 11:36 - 2015-03-13 14:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-01 18:12 - 2015-04-01 18:12 - 00000000 _____ () C:\Users\User1\agent.log
2015-04-01 17:57 - 2015-04-01 17:57 - 00000000 ____D () C:\Users\User1\AppData\Local\Micro-Star_International_
2015-04-01 17:43 - 2015-04-01 17:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-01 17:41 - 2015-04-01 17:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Macromedia
2015-04-01 17:39 - 2015-04-04 15:49 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26640E32-407C-4B6B-9C0F-E6EC419C4E39}
2015-04-01 17:39 - 2015-04-04 15:15 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2210691698-2314399949-2102214088-1001
2015-04-01 17:39 - 2015-04-01 17:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2015-04-01 17:39 - 2015-04-01 17:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2015-04-01 17:37 - 2015-04-03 16:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Anti-Theft
2015-04-01 17:37 - 2015-04-01 17:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-04-01 17:36 - 2015-04-01 17:36 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Intel Corporation
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\User1\AppData\Roaming\SteelSeries
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\User1\AppData\Local\SteelSeries_ApS
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\User1\AppData\Local\MSI
2015-04-01 17:34 - 2015-04-04 11:20 - 00000000 ____D () C:\Users\User1\AppData\Local\Packages
2015-04-01 17:34 - 2015-04-03 12:00 - 00000000 ____D () C:\Users\User1\AppData\Local\VirtualStore
2015-04-01 17:34 - 2015-04-01 17:42 - 00000000 ____D () C:\Users\User1\AppData\Local\NVIDIA Corporation
2015-04-01 17:34 - 2015-04-01 17:42 - 00000000 ____D () C:\Users\User1\AppData\Local\NVIDIA
2015-04-01 17:34 - 2015-04-01 17:34 - 00001456 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 17:34 - 2015-04-01 17:34 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-04-01 17:34 - 2015-04-01 17:34 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Adobe
2015-04-01 17:33 - 2015-04-03 12:31 - 00000000 ____D () C:\Users\User1
2015-04-01 17:33 - 2015-04-01 17:33 - 00000020 ___SH () C:\Users\User1\ntuser.ini
2015-04-01 17:33 - 2014-10-20 14:30 - 00000000 ___RD () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-01 17:33 - 2014-10-20 14:21 - 00000000 ___RD () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-01 17:33 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-01 17:33 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-01 17:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-01 17:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 15:17 - 2014-11-25 21:23 - 01948530 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 14:20 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 14:19 - 2014-04-29 10:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-04-04 14:19 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\winrm
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\WCN
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\slmgr
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Com
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\IME
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Help
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\servicing
2015-04-04 14:10 - 2014-04-29 12:31 - 00174900 _____ () C:\Windows\system32\prfh0404.dat
2015-04-04 14:10 - 2014-04-29 12:31 - 00057070 _____ () C:\Windows\system32\prfc0404.dat
2015-04-04 14:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-04-04 14:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-04-04 11:32 - 2014-04-29 13:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-04-04 11:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-03 23:24 - 2014-04-29 12:00 - 00789394 _____ () C:\Windows\system32\prfh0416.dat
2015-04-03 23:24 - 2014-04-29 12:00 - 00163254 _____ () C:\Windows\system32\prfc0416.dat
2015-04-03 23:24 - 2014-04-29 11:50 - 00811906 _____ () C:\Windows\system32\perfh013.dat
2015-04-03 23:24 - 2014-04-29 11:50 - 00166752 _____ () C:\Windows\system32\perfc013.dat
2015-04-03 23:24 - 2014-04-29 11:41 - 00521760 _____ () C:\Windows\system32\perfh012.dat
2015-04-03 23:24 - 2014-04-29 11:41 - 00140290 _____ () C:\Windows\system32\perfc012.dat
2015-04-03 23:24 - 2014-04-29 11:31 - 00511718 _____ () C:\Windows\system32\perfh011.dat
2015-04-03 23:24 - 2014-04-29 11:31 - 00140290 _____ () C:\Windows\system32\perfc011.dat
2015-04-03 23:24 - 2014-04-29 11:16 - 00814314 _____ () C:\Windows\system32\perfh00A.dat
2015-04-03 23:24 - 2014-04-29 11:16 - 00170972 _____ () C:\Windows\system32\perfc00A.dat
2015-04-03 23:24 - 2014-04-29 11:00 - 00815888 _____ () C:\Windows\system32\perfh00C.dat
2015-04-03 23:24 - 2014-04-29 11:00 - 00435914 _____ () C:\Windows\system32\perfh001.dat
2015-04-03 23:24 - 2014-04-29 11:00 - 00163606 _____ () C:\Windows\system32\perfc00C.dat
2015-04-03 23:24 - 2014-04-29 11:00 - 00069386 _____ () C:\Windows\system32\perfc001.dat
2015-04-03 23:24 - 2014-03-18 05:03 - 08529642 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 23:18 - 2014-04-29 13:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-03 23:16 - 2014-03-18 04:54 - 00012946 _____ () C:\Windows\PFRO.log
2015-04-03 23:16 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 18:21 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-03 16:11 - 2014-04-29 13:34 - 00000000 ____D () C:\Windows\system32\Drivers\NATx64
2015-04-03 16:11 - 2013-08-22 09:44 - 00479176 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-03 15:49 - 2013-08-22 09:46 - 00024469 _____ () C:\Windows\setupact.log
2015-04-03 15:44 - 2014-04-29 13:48 - 00010468 _____ () C:\Windows\DirectX.log
2015-04-03 14:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore
2015-04-03 14:29 - 2014-10-20 14:31 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-03 13:15 - 2014-10-20 14:13 - 00000000 ____D () C:\Windows\RE_DRIVE
2015-04-03 11:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-03 11:37 - 2014-10-20 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-03 11:36 - 2014-10-20 13:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 17:36 - 2014-04-29 13:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-01 17:36 - 2014-04-29 13:30 - 00000000 ____D () C:\ProgramData\Norton
2015-03-13 14:41 - 2014-10-20 13:46 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 14:41 - 2014-10-20 13:46 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 11:16 - 2014-10-20 13:46 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 01099408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 11:16 - 2014-10-20 13:46 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00075976 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 08:10 - 2014-10-20 13:46 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
 
Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\AcDeltree.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-29 10:35
 
==================== End Of Log ============================


#2 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 PM

Posted 04 April 2015 - 06:06 PM

Hello gatsby0121 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 

 

Please do the following,

What is the file?

 

-----------------------------------------------------------------------------------------------
 
I see many LiveComm errors so we should also run this.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.


Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.


Go to Step 5 and under "System Restore" click on Create button.


Go to Start Repairs tab and click the Start button.


Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.


After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

I ran a suspicious file


Edited by olgun52, 04 April 2015 - 06:09 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 gatsby0121

Posted 04 April 2015 - 08:14 PM

Thank you for the quick reply, I'll do this now.



#4 gatsby0121

Posted 04 April 2015 - 09:54 PM

Here's the log file. 
 
A couple things, I'm not sure if I ran the 64 bit version.  Just realized that now.  Will that make a difference?
 
Above it says the 64-bit version is located in program files x86, which is where mine is located.  But I thought that x86 was the 32-bit version location for program files.
 
 
Here are the contents of the windows repair log.
 
Tweaking.com - Windows Repair v3.1.1
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack: 
Computer Name: User1S_PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\User1
Current Profile SID: S-1-5-21-2210691698-2314399949-2102214088-1001
Current Profile Classes: S-1-5-21-2210691698-2314399949-2102214088-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\User1\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:30:12
 
Process Count: 101
Commit Total: 3.74 GB
Commit Limit: 18.79 GB
Commit Peak: 4.48 GB
Handle Count: 37490
Kernel Total: 1.20 GB
Kernel Paged: 932.69 MB
Kernel Non Paged: 292.17 MB
System Cache: 8.93 GB
Thread Count: 1124
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.92 GB
Memory Used: 3.52 GB(22.1336%)
Memory Avail.: 12.40 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.92 GB
Memory Used: 2.80 GB(17.5898%)
Memory Avail.: 13.12 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (2015-04-04 8:28:14 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 67
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (2015-04-04 8:28:15 PM)
 
 
Decompressing & Updating Windows Permission File hkud.txt
Done,  0.14 seconds.
 
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.2 seconds.
 
 
Decompressing & Updating Windows Permission File hkcr.txt
Done,  0.54 seconds.
 
 
Decompressing & Updating Windows Permission File hklm.txt
Done,  1.0 seconds.
 
   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (2015-04-04 8:31:02 PM)
 
03 - Reset Service Permissions
   Start (2015-04-04 8:31:02 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:31:09 PM)
 
04 - Register System Files
   Start (2015-04-04 8:31:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:31:27 PM)
 
05 - Repair WMI
   Start (2015-04-04 8:31:27 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Windows Defender Exported.
   Norton Internet Security Exported.
 
   Exporting AntiSpyware Info...
   Norton Internet Security Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   Norton Internet Security Exported.
 
   Running Repair Under Current User Account
   Done (2015-04-04 8:33:16 PM)
 
06 - Repair Windows Firewall
   Start (2015-04-04 8:33:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:33:53 PM)
 
07 - Repair Internet Explorer
   Start (2015-04-04 8:33:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:34:12 PM)
 
08 - Repair MDAC/MS Jet
   Start (2015-04-04 8:34:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:34:19 PM)
 
09 - Repair Hosts File
   Start (2015-04-04 8:34:19 PM)
   Running Repair Under System Account
   Done (2015-04-04 8:34:20 PM)
 
10 - Remove Policies Set By Infections
   Start (2015-04-04 8:34:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:34:24 PM)
 
12 - Repair Icons
   Start (2015-04-04 8:34:24 PM)
   Running Repair Under Current User Account
   Done (2015-04-04 8:34:25 PM)
 
13 - Repair Winsock & DNS Cache
   Start (2015-04-04 8:34:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:34:34 PM)
 
15 - Repair Proxy Settings
   Start (2015-04-04 8:34:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:34:39 PM)
 
17 - Repair Windows Updates
   Start (2015-04-04 8:34:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (2015-04-04 8:35:02 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (2015-04-04 8:35:02 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (2015-04-04 8:35:02 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (2015-04-04 8:35:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:22 PM)
 
21 - Repair MSI (Windows Installer)
   Start (2015-04-04 8:35:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:30 PM)
 
23.01 - Repair bat Association
   Start (2015-04-04 8:35:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:33 PM)
 
23.02 - Repair cmd Association
   Start (2015-04-04 8:35:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:35 PM)
 
23.03 - Repair com Association
   Start (2015-04-04 8:35:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:37 PM)
 
23.04 - Repair Directory Association
   Start (2015-04-04 8:35:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:39 PM)
 
23.05 - Repair Drive Association
   Start (2015-04-04 8:35:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:41 PM)
 
23.06 - Repair exe Association
   Start (2015-04-04 8:35:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:43 PM)
 
23.07 - Repair Folder Association
   Start (2015-04-04 8:35:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:46 PM)
 
23.08 - Repair inf Association
   Start (2015-04-04 8:35:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:48 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (2015-04-04 8:35:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:50 PM)
 
23.10 - Repair msc Association
   Start (2015-04-04 8:35:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:52 PM)
 
23.11 - Repair reg Association
   Start (2015-04-04 8:35:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:54 PM)
 
23.12 - Repair scr Association
   Start (2015-04-04 8:35:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:56 PM)
 
24 - Repair Windows Safe Mode
   Start (2015-04-04 8:35:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:35:59 PM)
 
25 - Repair Print Spooler
   Start (2015-04-04 8:35:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:36:12 PM)
 
26 - Restore Important Windows Services
   Start (2015-04-04 8:36:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:36:20 PM)
 
27 - Set Windows Services To Default Startup
   Start (2015-04-04 8:36:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 8:36:24 PM)
 
28.01 - Repair Windows 8 App Store
   Start (2015-04-04 8:36:24 PM)
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Done (2015-04-04 8:36:35 PM)
 
29 - Repair Windows 8 Component Store
   Start (2015-04-04 8:36:35 PM)
   Running Repair Under Current User Account
   Done (2015-04-04 9:38:53 PM)
 
30 - Restore Windows 8 COM+ Unmarshalers
   Start (2015-04-04 9:38:53 PM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>
 
SetACL finished with error(s): 
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.
 
   Done (2015-04-04 9:38:54 PM)
 
31 - Repair Windows 'New' Submenu
   Start (2015-04-04 9:38:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2015-04-04 9:38:56 PM)
 
33 - Repair Performance Counters
   Start (2015-04-04 9:38:56 PM)
   Running Repair Under Current User Account
   Done (2015-04-04 9:38:59 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (2015-04-04 9:38:59 PM)
   Total Repair Time: 01:10:46
 
 
...YOU MUST RESTART YOUR SYSTEM...

Edited by gatsby0121, 04 April 2015 - 09:58 PM.


#5 olgun52

Posted 05 April 2015 - 04:55 PM

Thank you for the Log. No problem.
-----------
 
Run Services Repair:

  • Please download ServicesRepair and save it to your desktop.
  • Please run the ESET ServicesRepair.exe as Administrator (right click > run as Admin).
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Have a nice day.

 

 



#6 gatsby0121

Posted 05 April 2015 - 06:08 PM

Log Opened: 2015-04-05 @ 18:07:08
18:07:08 - -----------------
18:07:08 - | Begin Logging |
18:07:08 - -----------------
18:07:08 - Fix started on a WIN_8 X64 computer
18:07:08 - Prep in progress.  Please Wait.
18:07:08 - Prep complete
18:07:08 - Repairing Services Now.  Please wait...
18:07:08 - Services Repair Complete.
18:07:13 - Reboot Initiated


#7 olgun52

Posted 06 April 2015 - 07:12 AM

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Step 3:

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have a nice day.



#8 gatsby0121

Posted 06 April 2015 - 12:23 PM

mbar log attached.

 

 

Rogue killer log:

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Gillian [Administrator]
Started from : C:\Users\Gillian\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/06/2015  12:18:44
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://msi13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://msi13.msn.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Microsoft OneDrive Auto Update Task-S-1-5-21-2210691698-2314399949-2102214088-1001 -- %localappdata%\Microsoft\OneDrive\OneDrive.exe -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS128G3AMNB-2200A +++++
--- User ---
[MBR] 2988694d925f9110cba5f5e68b6eb06f
[BSP] 3da66eec31e78002e37d371fc9cd2808 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 121075 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] e282ab90180e52d12910e447ec1a43f0
[BSP] 527ef6fa65192abd21a937bf7410939b : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 938034 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1921095680 | Size: 15834 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: SCSIDISK SCSI_DISK_1234 USB Device +++++
--- User ---
[MBR] f1f37a2d192706a7da0964353d58ba28
[BSP] 15a3d04ae45e25a946f9a99e67f33bd1 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 32 | Size: 1909 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_04062015_121057.log
 
 
 
 
Security Check results:
 
 

 Results of screen317's Security Check version 0.99.99  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
 Symantec Norton Online Backup NOBuClient.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 


#9 olgun52

Posted 06 April 2015 - 01:14 PM

Hi gatsby0121,

 

Step 1:

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Step 2:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3:

Please post fresh FRST logs for me to check. (Frst.txt and Additional.txt)



#10 gatsby0121

Posted 06 April 2015 - 05:46 PM

FSS
 
Farbar Service Scanner Version: 17-01-2015
Ran by User1 (administrator) on 06-04-2015 at 17:37:11
Running from "C:\Users\User1\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
Addition file is attached


#11 gatsby0121

Posted 06 April 2015 - 05:48 PM

Sorry, forgot the frst

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Gillian (administrator) on GILLIANS_PC on 06-04-2015 17:44:30
Running from C:\Users\Gillian\Downloads
Loaded Profiles: Gillian (Available profiles: Gillian)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-10-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-10-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-10-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [405504 2014-09-01] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-23] (Valve Corporation)
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\...\Run: [GoogleChromeAutoLaunch_F9ED55245D765556EF1C4893715EB667] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{5B62C353-75A3-463F-A52E-CC005846F3CE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi13.msn.com
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKU\S-1-5-21-2210691698-2314399949-2102214088-1001 -> DefaultScope {CC073604-8A13-499F-AB99-00CAA6BC5B0E} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-03] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-03] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Google Search) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Bookmark Manager) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [305664 2014-08-11] (Qualcomm Atheros) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-10-20] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-20] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-09-01] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362056 2014-11-18] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-10-20] (NVIDIA Corporation)
S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-10-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-10-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-08-13] (Qualcomm Atheros, Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-04-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-03] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150403.001\IDSvia64.sys [671448 2015-04-01] (Symantec Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150405.021\ENG64.SYS [129752 2015-04-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150405.021\EX64.SYS [2137304 2015-04-03] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-20] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-10-20] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-10-20] (NVIDIA Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2214400 2014-08-12] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-10-20] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-29] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-06] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-10-20] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 17:37 - 2015-04-06 17:37 - 00002632 _____ () C:\Users\Gillian\Downloads\FSS.txt
2015-04-06 17:36 - 2015-04-06 17:36 - 00415232 _____ (Farbar) C:\Users\Gillian\Downloads\FSS.exe
2015-04-06 17:35 - 2015-04-06 17:35 - 00002382 _____ () C:\Users\Gillian\Desktop\Rkill.txt
2015-04-06 17:34 - 2015-04-06 17:34 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Gillian\Downloads\rkill.exe
2015-04-06 17:34 - 2015-04-06 17:34 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Gillian\Downloads\iExplore.exe
2015-04-06 12:19 - 2015-04-06 12:19 - 00003364 _____ () C:\Users\Gillian\Desktop\RKreport_SCN_04062015_121844.log
2015-04-06 12:19 - 2015-04-06 12:16 - 00852607 _____ () C:\Users\Gillian\Desktop\SecurityCheck.exe
2015-04-06 12:16 - 2015-04-06 12:16 - 00852607 _____ () C:\Users\Gillian\Downloads\SecurityCheck.exe
2015-04-06 12:15 - 2015-04-06 12:07 - 16748632 _____ () C:\Users\Gillian\Desktop\RogueKiller.exe
2015-04-06 12:07 - 2015-04-06 12:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-06 12:07 - 2015-04-06 12:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-06 12:06 - 2015-04-06 12:07 - 16748632 _____ () C:\Users\Gillian\Downloads\RogueKiller.exe
2015-04-06 11:57 - 2015-04-06 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 11:57 - 2015-04-06 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 11:57 - 2015-04-06 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 11:56 - 2015-04-06 12:21 - 00000000 ____D () C:\Users\Gillian\Desktop\mbar
2015-04-06 11:56 - 2015-04-06 11:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 11:56 - 2015-04-06 11:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Gillian\Downloads\mbar-1.09.1.1004.exe
2015-04-05 18:30 - 2015-04-05 18:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-04-05 18:07 - 2015-04-05 18:07 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2015-04-05 18:06 - 2015-04-05 18:06 - 04009167 _____ () C:\Users\Gillian\Downloads\ServicesRepair.exe
2015-04-04 22:36 - 2015-04-04 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GILLIANS_PC-Windows-8.1-(64-bit).dat
2015-04-04 22:36 - 2015-04-04 22:36 - 00000000 ____D () C:\RegBackup
2015-04-04 20:16 - 2015-04-04 20:16 - 00002189 _____ () C:\Users\Gillian\Desktop\Tweaking.com - Windows Repair.lnk
2015-04-04 20:15 - 2015-04-04 20:15 - 12846264 _____ () C:\Users\Gillian\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-04-04 20:15 - 2015-04-04 20:15 - 00003662 _____ () C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-04-04 20:15 - 2015-04-04 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-04 20:15 - 2015-04-04 20:15 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-04 16:26 - 2015-04-04 16:26 - 00291606 _____ () C:\Users\Gillian\Downloads\TCPView.zip
2015-04-04 16:26 - 2015-04-04 16:26 - 00000000 ____D () C:\Users\Gillian\Downloads\TCPView
2015-04-04 16:20 - 2015-04-04 16:20 - 00026253 _____ () C:\Users\Gillian\Downloads\adskflex_00691b00_tsf.data_backup.001
2015-04-04 16:20 - 2015-04-04 16:20 - 00026253 _____ () C:\Users\Gillian\Downloads\adskflex_00691b00_tsf.data
2015-04-04 16:13 - 2015-04-04 16:14 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Notepad++
2015-04-04 16:13 - 2015-04-04 16:13 - 08271739 _____ () C:\Users\Gillian\Downloads\npp.6.7.5.Installer.exe
2015-04-04 16:13 - 2015-04-04 16:13 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-04 16:13 - 2015-04-04 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-04 16:13 - 2015-04-04 16:13 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-04 16:01 - 2015-04-06 17:44 - 00020701 _____ () C:\Users\Gillian\Downloads\FRST.txt
2015-04-04 16:01 - 2015-04-06 17:44 - 00000000 ____D () C:\FRST
2015-04-04 16:01 - 2015-04-04 16:54 - 00041249 _____ () C:\Users\Gillian\Downloads\Addition.bak.txt
2015-04-04 16:01 - 2015-04-04 16:01 - 02095616 _____ (Farbar) C:\Users\Gillian\Downloads\FRST64.exe
2015-04-04 15:51 - 2015-04-04 16:01 - 00238372 _____ () C:\Users\Gillian\Downloads\OTL.Txt
2015-04-04 15:51 - 2015-04-04 16:01 - 00084126 _____ () C:\Users\Gillian\Downloads\Extras.Txt
2015-04-04 15:46 - 2015-04-04 15:46 - 00602112 _____ (OldTimer Tools) C:\Users\Gillian\Downloads\OTL.exe
2015-04-04 15:11 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Autodesk Navisworks Manage 2013
2015-04-04 15:11 - 2015-04-04 15:16 - 00000000 ____D () C:\ProgramData\Autodesk Navisworks Manage 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\NVIDIA
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Autodesk Navisworks Freedom 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\ProgramData\Navisworks 2013
2015-04-04 15:10 - 2015-04-04 15:10 - 00000000 ____D () C:\ProgramData\Autodesk Navisworks Freedom 2013
2015-04-04 15:01 - 2015-04-04 15:01 - 00002076 _____ () C:\Users\Public\Desktop\Navisworks Manage 2013.lnk
2015-04-04 14:59 - 2015-04-04 14:59 - 00002083 _____ () C:\Users\Public\Desktop\Navisworks Freedom 2013.lnk
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-04 14:59 - 2015-04-04 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-04-03 16:14 - 2015-04-03 16:14 - 00002149 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-04-03 16:11 - 2015-04-03 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2015-04-03 16:07 - 2015-04-03 16:07 - 00124848 _____ () C:\Users\Gillian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-03 16:02 - 2015-04-04 15:16 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-03 15:49 - 2015-04-03 15:49 - 00000000 ____D () C:\Users\Gillian\Downloads\Crack
2015-04-03 15:48 - 2015-04-04 15:08 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Autodesk
2015-04-03 15:48 - 2015-04-03 15:48 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-03 15:46 - 2015-04-03 15:46 - 00002125 _____ () C:\Users\Public\Desktop\Revit MEP 2013.lnk
2015-04-03 15:46 - 2015-04-03 15:46 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-03 15:44 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-04-03 15:44 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-03 15:44 - 2015-04-03 15:44 - 00000000 ____D () C:\Program Files (x86)\FARO
2015-04-03 15:44 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-04-03 15:44 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-03 15:44 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-03 15:44 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-03 15:44 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-03 15:44 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-03 15:44 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-03 15:44 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-03 15:44 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-03 15:44 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-03 15:44 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-03 15:44 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-04-03 15:44 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-03 15:44 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-04-03 15:44 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-04-03 15:44 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-03 15:44 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-03 15:44 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-04-03 15:44 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-04-03 15:44 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-04-03 15:44 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-04-03 15:44 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-03 15:44 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-04-03 15:44 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-04-03 15:44 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-03 15:44 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-03 15:44 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-03 15:44 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-04-03 15:44 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-03 15:44 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-04-03 15:44 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-03 15:44 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-04-03 15:44 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-03 15:44 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-03 15:44 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-04-03 15:44 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-03 15:44 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-04-03 15:44 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-03 15:44 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-03 15:44 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-04-03 15:44 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-03 15:44 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-03 15:44 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-04-03 15:44 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-03 15:44 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-04-03 15:44 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-03 15:44 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-04-03 15:44 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-03 15:44 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-03 15:44 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-04-03 15:44 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-03 15:44 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-04-03 15:44 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-03 15:44 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-04-03 15:44 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-04-03 15:44 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-03 15:44 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-03 15:44 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-04-03 15:44 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-04-03 15:44 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-03 15:44 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-04-03 15:44 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-04-03 15:44 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-04-03 15:44 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-03 15:44 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-03 15:44 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-04-03 15:44 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-03 15:44 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-04-03 15:44 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-03 15:44 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-04-03 15:44 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-03 15:44 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-04-03 15:44 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-03 15:44 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-04-03 15:44 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-03 15:44 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-04-03 15:44 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-03 15:44 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-04-03 15:44 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-03 15:44 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-04-03 15:44 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-03 15:44 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-04-03 15:44 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-03 15:44 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-04-03 15:43 - 2015-04-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-03 15:43 - 2015-04-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2015-04-03 15:43 - 2015-04-03 15:43 - 00002209 _____ () C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
2015-04-03 15:42 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Autodesk
2015-04-03 15:42 - 2015-04-04 15:11 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-03 14:32 - 2015-04-03 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-03 14:32 - 2015-04-03 14:32 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-03 14:31 - 2015-04-03 14:31 - 01376768 _____ () C:\Users\Gillian\Downloads\7z920-x64.msi
2015-04-03 14:30 - 2015-04-03 14:30 - 00501363 _____ (Peter B Clements) C:\Users\Gillian\Downloads\QuickPar-0.9.1.0.exe
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-03 14:30 - 2015-04-03 14:30 - 00000000 ____D () C:\Program Files (x86)\QuickPar
2015-04-03 14:29 - 2015-04-03 14:29 - 00000000 ____D () C:\Users\Gillian\AppData\Local\WinZip
2015-04-03 12:34 - 2015-04-05 18:35 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for GILLIANS_PC-Gillian Gillians_PC
2015-04-03 12:31 - 2015-04-05 18:08 - 00000000 ____D () C:\Users\Gillian\OneDrive
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Users\Gillian\AppData\Local\sabnzbd
2015-04-03 12:13 - 2015-04-03 12:13 - 00000000 ____D () C:\Program Files (x86)\SABnzbd
2015-04-03 12:12 - 2015-04-03 12:12 - 10926924 _____ () C:\Users\Gillian\Downloads\SABnzbd-0.7.20-win32-setup.exe
2015-04-03 12:02 - 2015-04-04 11:22 - 00003106 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2210691698-2314399949-2102214088-1001
2015-04-03 12:02 - 2015-04-03 12:31 - 00000000 ___RD () C:\Users\Gillian\OneDrive.old
2015-04-03 12:00 - 2015-04-03 17:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-03 12:00 - 2015-04-03 12:00 - 01075384 _____ (Microsoft Corporation) C:\Users\Gillian\Downloads\Setup.X86.en-US_O365HomePremRetail_218c6700-61ab-40ae-8beb-0e8cb3169572_TX_PR_.exe
2015-04-03 12:00 - 2015-04-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-03 11:40 - 2015-04-03 11:40 - 00002289 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 11:40 - 2015-04-03 11:40 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Steam
2015-04-03 11:40 - 2015-04-03 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-03 11:39 - 2015-04-06 17:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 11:39 - 2015-04-05 18:08 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 11:39 - 2015-04-03 11:40 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Google
2015-04-03 11:39 - 2015-04-03 11:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 11:39 - 2015-04-03 11:39 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 11:39 - 2015-04-03 11:39 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 11:39 - 2015-04-03 11:39 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Deployment
2015-04-03 11:39 - 2015-04-03 11:39 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Apps\2.0
2015-04-03 11:38 - 2015-04-06 12:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 11:38 - 2015-04-03 11:38 - 00000989 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-03 11:38 - 2015-04-03 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-03 11:36 - 2015-03-13 14:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-03 11:36 - 2015-03-13 14:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-03 11:36 - 2015-03-13 14:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-01 18:12 - 2015-04-01 18:12 - 00000000 _____ () C:\Users\Gillian\agent.log
2015-04-01 17:57 - 2015-04-01 17:57 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Micro-Star_International_
2015-04-01 17:43 - 2015-04-01 17:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-01 17:41 - 2015-04-01 17:41 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Macromedia
2015-04-01 17:39 - 2015-04-06 17:36 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26640E32-407C-4B6B-9C0F-E6EC419C4E39}
2015-04-01 17:39 - 2015-04-05 18:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2210691698-2314399949-2102214088-1001
2015-04-01 17:39 - 2015-04-01 17:39 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieUserList
2015-04-01 17:39 - 2015-04-01 17:39 - 00000000 __SHD () C:\Users\Gillian\AppData\Local\EmieSiteList
2015-04-01 17:37 - 2015-04-03 16:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Anti-Theft
2015-04-01 17:36 - 2015-04-01 17:36 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Intel Corporation
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\SteelSeries
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\Gillian\AppData\Local\SteelSeries_ApS
2015-04-01 17:35 - 2015-04-01 17:35 - 00000000 ____D () C:\Users\Gillian\AppData\Local\MSI
2015-04-01 17:34 - 2015-04-04 17:13 - 00000000 ____D () C:\Users\Gillian\AppData\Local\VirtualStore
2015-04-01 17:34 - 2015-04-04 11:20 - 00000000 ____D () C:\Users\Gillian\AppData\Local\Packages
2015-04-01 17:34 - 2015-04-01 17:42 - 00000000 ____D () C:\Users\Gillian\AppData\Local\NVIDIA Corporation
2015-04-01 17:34 - 2015-04-01 17:42 - 00000000 ____D () C:\Users\Gillian\AppData\Local\NVIDIA
2015-04-01 17:34 - 2015-04-01 17:34 - 00001456 _____ () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-01 17:34 - 2015-04-01 17:34 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-04-01 17:34 - 2015-04-01 17:34 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Adobe
2015-04-01 17:33 - 2015-04-03 12:31 - 00000000 ____D () C:\Users\Gillian
2015-04-01 17:33 - 2015-04-01 17:33 - 00000020 ___SH () C:\Users\Gillian\ntuser.ini
2015-04-01 17:33 - 2014-10-20 14:30 - 00000000 ___RD () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-01 17:33 - 2014-10-20 14:21 - 00000000 ___RD () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-01 17:33 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-01 17:33 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-01 17:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-01 17:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 18:46 - 2014-11-25 21:23 - 01291578 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 18:27 - 2014-04-29 11:31 - 00454132 _____ () C:\Windows\system32\perfh011.dat
2015-04-05 18:27 - 2014-04-29 11:31 - 00117524 _____ () C:\Windows\system32\perfc011.dat
2015-04-05 18:27 - 2014-04-29 11:00 - 00712452 _____ () C:\Windows\system32\perfh00C.dat
2015-04-05 18:27 - 2014-04-29 11:00 - 00639330 _____ () C:\Windows\system32\perfh001.dat
2015-04-05 18:27 - 2014-04-29 11:00 - 00137244 _____ () C:\Windows\system32\perfc00C.dat
2015-04-05 18:27 - 2014-04-29 11:00 - 00117524 _____ () C:\Windows\system32\perfc001.dat
2015-04-05 18:27 - 2014-03-18 05:03 - 02957514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 18:10 - 2014-04-29 13:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-05 18:10 - 2014-04-29 13:32 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-04-05 18:10 - 2014-04-29 13:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-05 18:10 - 2014-04-29 13:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-04-05 18:10 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-05 18:07 - 2014-03-18 04:54 - 00015018 _____ () C:\Windows\PFRO.log
2015-04-05 18:07 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 18:07 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-04 21:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-04 21:44 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-04-04 21:44 - 2013-08-22 09:44 - 00479176 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 21:38 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 20:34 - 2013-08-22 08:25 - 00000128 _____ () C:\Windows\win.ini
2015-04-04 19:57 - 2014-04-29 10:58 - 00000000 ____D () C:\Windows\system32\fr
2015-04-04 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-04 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Globalization
2015-04-04 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-04 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-04 19:57 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-04 19:57 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-04 19:57 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\servicing
2015-04-04 16:48 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\winrm
2015-04-04 16:48 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\WCN
2015-04-04 16:48 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\slmgr
2015-04-04 16:48 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Com
2015-04-04 16:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Help
2015-04-04 16:48 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-04 14:19 - 2014-04-29 10:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-04-04 14:19 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-04-04 14:19 - 2014-03-18 04:32 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\IME
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-04 14:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-04 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-04 14:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-04-04 14:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-04-03 16:11 - 2014-04-29 13:34 - 00000000 ____D () C:\Windows\system32\Drivers\NATx64
2015-04-03 15:49 - 2013-08-22 09:46 - 00024469 _____ () C:\Windows\setupact.log
2015-04-03 15:44 - 2014-04-29 13:48 - 00010468 _____ () C:\Windows\DirectX.log
2015-04-03 14:31 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore
2015-04-03 14:29 - 2014-10-20 14:31 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-03 13:15 - 2014-10-20 14:13 - 00000000 ____D () C:\Windows\RE_DRIVE
2015-04-03 11:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-03 11:37 - 2014-10-20 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-03 11:36 - 2014-10-20 13:46 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 17:36 - 2014-04-29 13:30 - 00000000 ____D () C:\ProgramData\Norton
2015-03-13 14:41 - 2014-10-20 13:46 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 14:41 - 2014-10-20 13:46 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 11:16 - 2014-10-20 13:46 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 01099408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 11:16 - 2014-10-20 13:46 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00075976 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-03-13 11:16 - 2014-10-20 13:46 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-11 08:10 - 2014-10-20 13:46 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
 
Some content of TEMP:
====================
C:\Users\Gillian\AppData\Local\Temp\AcDeltree.exe
C:\Users\Gillian\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gillian\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-29 10:35
 
==================== End Of Log ============================


#12 olgun52

  • Malware Response Team

Posted 07 April 2015 - 07:59 AM

I don't see the Rkill log?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 gatsby0121

  • Topic Starter


Posted 07 April 2015 - 04:34 PM

Sorry, forgot to post it:
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/06/2015 05:35:11 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Gillian\Desktop\SecurityCheck.exe (PID: 1180) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/06/2015 05:35:23 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)


#14 olgun52

  • Malware Response Team

Posted 08 April 2015 - 04:54 AM

Hi gatsby0121,
 
Step 1:
FRST Script:
Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Have a nice day.

 


 


 


#15 gatsby0121

  • Topic Starter


Posted 08 April 2015 - 09:50 AM

FixLog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Gillian at 2015-04-08 09:33:32 Run:1
Running from C:\Users\Gillian\Downloads\FRST
Loaded Profiles: Gillian (Available profiles: Gillian)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
AlternateDataStreams: C:\Users\Gillian\OneDrive:ms-properties
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
C:\Users\Gillian\AppData\Local\Temp\AcDeltree.exe
C:\Users\Gillian\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gillian\AppData\Local\Temp\xmlUpdater.exe
C:\Users\User1\Downloads\Crack
C:\Users\User1\AppData\Local\Temp\AcDeltree.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
C:\Users\Gillian\OneDrive => ":ms-properties" ADS removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2210691698-2314399949-2102214088-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\Gillian\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\Gillian\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Gillian\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
"C:\Users\User1\Downloads\Crack" => File/Directory not found.
"C:\Users\User1\AppData\Local\Temp\AcDeltree.exe" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 548.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:33:42 ====
 
 
 
 
 
ADWCleaner
 
# AdwCleaner v4.201 - Logfile created 08/04/2015 at 09:38:36
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Gillian - GILLIANS_PC
# Running from : C:\Users\Gillian\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Gillian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [1175 bytes] - [08/04/2015 09:37:54]
AdwCleaner[S0].txt - [1104 bytes] - [08/04/2015 09:38:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1163  bytes] ##########
 

 

 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Gillian on 2015-04-08 at  9:41:44.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-04-08 at  9:43:42.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 





