Laptop affected by "Trojan.Multi.CertStor.a"


  • This topic is locked
19 replies to this topic

#1 Rocky143

  • Members
  • 28 posts

Posted 11 December 2015 - 02:12 PM

Hi guys!!

I have a Dell laptop with Windows 10 64-bit, and recently I have been seeing a detection of "Trojan.Multi.CertStor.a" virus/malware (not sure). I have Kaspersky Internet Security 2015 installed; it detects the trojan but doesn't delete it.

I tried to google the possible solutions but no help... It would be really helpful if anyone could provide me a remedy for this trojan. Not a computer geek, so if any additional info is required, do ask... Waiting for response!!!





#2 olgun52

  • Malware Response Team
  • 3,782 posts

Posted 11 December 2015 - 06:29 PM

Hello Rocky143 and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Rocky143

  • Topic Starter
  • Members
  • 28 posts

Posted 12 December 2015 - 12:42 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by JR (administrator) on JR-PC (12-12-2015 10:59:57)
Running from C:\Users\JR\Desktop
Loaded Profiles: JR (Available Profiles: JR & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-11-17] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [609200 2015-03-02] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Gamepad] => C:\WINDOWS\USB Vibration\7906\USB Gamepad.exe -boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1091303845-677649195-2790264629-1000\...\Run: [uTorrent] => C:\Users\JR\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-1091303845-677649195-2790264629-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1091303845-677649195-2790264629-1000\...\Run: [Google Update] => C:\Users\JR\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-15] (Google Inc.)
HKU\S-1-5-21-1091303845-677649195-2790264629-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177416 2015-11-25] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5d950a72-8cdf-4704-aced-d40256542198}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c6af0a9b-1f4e-4aef-b3f1-cfb6b95fd1dd}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-24] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\odleuqpo.default-1441326926000
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-08] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-08] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-08] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1091303845-677649195-2790264629-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\JR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1091303845-677649195-2790264629-1000: @talk.google.com/O1DPlugin -> C:\Users\JR\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1091303845-677649195-2790264629-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JR\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1091303845-677649195-2790264629-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JR\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF user.js: detected! => C:\Users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\odleuqpo.default-1441326926000\user.js [2015-09-08]
FF Plugin ProgramFiles/Appdata: C:\Users\JR\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JR\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-08] [not signed]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-08] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Google Docs) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-19]
CHR Extension: (Google Drive) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-19]
CHR Extension: (YouTube) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-19]
CHR Extension: (Google Search) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-19]
CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb [2015-08-19]
CHR Extension: (Google Sheets) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-19]
CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2015-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (Gmail) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-19]
CHR Profile: C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Google Docs) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-19]
CHR Extension: (Google Drive) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kaspersky Protection) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-09-08]
CHR Extension: (Google Sheets) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Skype Click to Call) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (Gmail) - C:\Users\JR\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-05] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-08] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-07] (Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [411936 2015-06-24] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-13] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-11-17] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-20] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-05] (Kaspersky Lab UK Ltd)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-09-06] (OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-15] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-15] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-05] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-05] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-28] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-05] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-05] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-05] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-05] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-05] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-07] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-09-07] (Realsil Semiconductor Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-07] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 10:59 - 2015-12-12 11:00 - 00025825 _____ C:\Users\JR\Desktop\FRST.txt
2015-12-12 10:59 - 2015-12-12 10:59 - 00000000 ____D C:\FRST
2015-12-12 10:54 - 2015-12-12 10:58 - 02369024 _____ (Farbar) C:\Users\JR\Desktop\FRST64.exe
2015-12-10 20:34 - 2015-12-10 20:34 - 00000000 ____D C:\Users\JR\AppData\Local\Deployment
2015-12-10 15:44 - 2015-12-10 15:44 - 00000000 ____D C:\Users\JR\AppData\Local\CEF
2015-12-09 00:08 - 2015-12-09 00:08 - 00406239 _____ C:\Users\JR\Downloads\International Student Identity Card_EAU_Mailing_Online Order_15112015.pdf
2015-12-09 00:05 - 2015-12-09 00:05 - 00203911 _____ C:\Users\JR\Downloads\General_Guidelines_on_Turnitin_Reports (updated).pdf
2015-12-04 13:00 - 2015-12-04 13:00 - 00000031 _____ C:\Users\JR\Documents\achan gmail.txt
2015-12-03 23:11 - 2015-11-22 15:26 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 23:11 - 2015-11-22 15:25 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-03 23:11 - 2015-11-22 15:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 23:11 - 2015-11-22 15:22 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-03 23:11 - 2015-11-22 15:14 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 23:11 - 2015-11-22 15:12 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-03 23:11 - 2015-11-22 15:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 23:11 - 2015-11-22 15:08 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 23:11 - 2015-11-22 15:03 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-03 23:11 - 2015-11-22 15:03 - 13380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-03 23:11 - 2015-11-22 15:03 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-03 23:11 - 2015-11-22 15:00 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-03 23:11 - 2015-11-22 14:54 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-03 23:11 - 2015-11-22 14:49 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-03 23:11 - 2015-11-22 14:46 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-03 23:10 - 2015-11-22 16:17 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 23:10 - 2015-11-22 16:17 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 23:10 - 2015-11-22 16:11 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 23:10 - 2015-11-22 16:11 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-03 23:10 - 2015-11-22 16:11 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 23:10 - 2015-11-22 16:05 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 23:10 - 2015-11-22 16:04 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-03 23:10 - 2015-11-22 16:04 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 23:10 - 2015-11-22 16:03 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 23:10 - 2015-11-22 16:03 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 23:10 - 2015-11-22 16:03 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 23:10 - 2015-11-22 16:00 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 23:10 - 2015-11-22 16:00 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 23:10 - 2015-11-22 15:56 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 23:10 - 2015-11-22 15:55 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 23:10 - 2015-11-22 15:54 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 23:10 - 2015-11-22 15:50 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 23:10 - 2015-11-22 15:49 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 23:10 - 2015-11-22 15:44 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 23:10 - 2015-11-22 15:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 23:10 - 2015-11-22 15:30 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 23:10 - 2015-11-22 15:27 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-03 23:10 - 2015-11-22 15:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 23:10 - 2015-11-22 15:27 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 23:10 - 2015-11-22 15:27 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 23:10 - 2015-11-22 15:27 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 23:10 - 2015-11-22 15:26 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-03 23:10 - 2015-11-22 15:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 23:10 - 2015-11-22 15:26 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 23:10 - 2015-11-22 15:26 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 23:10 - 2015-11-22 15:25 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 23:10 - 2015-11-22 15:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 23:10 - 2015-11-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 23:10 - 2015-11-22 15:24 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 23:10 - 2015-11-22 15:22 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 23:10 - 2015-11-22 15:22 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 23:10 - 2015-11-22 15:22 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 23:10 - 2015-11-22 15:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 23:10 - 2015-11-22 15:21 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 23:10 - 2015-11-22 15:21 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 23:10 - 2015-11-22 15:21 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 23:10 - 2015-11-22 15:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 23:10 - 2015-11-22 15:21 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 23:10 - 2015-11-22 15:20 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 23:10 - 2015-11-22 15:19 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 23:10 - 2015-11-22 15:19 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-03 23:10 - 2015-11-22 15:19 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 23:10 - 2015-11-22 15:19 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 23:10 - 2015-11-22 15:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 23:10 - 2015-11-22 15:17 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-03 23:10 - 2015-11-22 15:16 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 23:10 - 2015-11-22 15:16 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-03 23:10 - 2015-11-22 15:15 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 23:10 - 2015-11-22 15:15 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 23:10 - 2015-11-22 15:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 23:10 - 2015-11-22 15:14 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-03 23:10 - 2015-11-22 15:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 23:10 - 2015-11-22 15:13 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 23:10 - 2015-11-22 15:12 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 23:10 - 2015-11-22 15:11 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 23:10 - 2015-11-22 15:11 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 23:10 - 2015-11-22 15:11 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-03 23:10 - 2015-11-22 15:10 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 23:10 - 2015-11-22 15:10 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-03 23:10 - 2015-11-22 15:10 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 23:10 - 2015-11-22 15:10 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 23:10 - 2015-11-22 15:10 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 23:10 - 2015-11-22 15:09 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 23:10 - 2015-11-22 15:09 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 23:10 - 2015-11-22 15:08 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 23:10 - 2015-11-22 15:08 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 23:10 - 2015-11-22 15:08 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 23:10 - 2015-11-22 15:08 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 23:10 - 2015-11-22 15:07 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 23:10 - 2015-11-22 15:07 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 23:10 - 2015-11-22 15:07 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 23:10 - 2015-11-22 15:06 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 23:10 - 2015-11-22 15:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 23:10 - 2015-11-22 15:03 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 23:10 - 2015-11-22 15:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-03 23:10 - 2015-11-22 15:02 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 23:10 - 2015-11-22 15:02 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 23:10 - 2015-11-22 15:01 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 23:10 - 2015-11-22 15:01 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 23:10 - 2015-11-22 15:01 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 23:10 - 2015-11-22 15:00 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-03 23:10 - 2015-11-22 14:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 23:10 - 2015-11-22 14:58 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 23:10 - 2015-11-22 14:57 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 23:10 - 2015-11-22 14:57 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 23:10 - 2015-11-22 14:57 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 23:10 - 2015-11-22 14:57 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 23:10 - 2015-11-22 14:57 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 23:10 - 2015-11-22 14:57 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 23:10 - 2015-11-22 14:56 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 23:10 - 2015-11-22 14:56 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 23:10 - 2015-11-22 14:56 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 23:10 - 2015-11-22 14:56 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 23:10 - 2015-11-22 14:55 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-03 23:10 - 2015-11-22 14:55 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 23:10 - 2015-11-22 14:55 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 23:10 - 2015-11-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 23:10 - 2015-11-22 14:54 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-03 23:10 - 2015-11-22 14:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 23:10 - 2015-11-22 14:54 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 23:10 - 2015-11-22 14:54 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 23:10 - 2015-11-22 14:53 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-03 23:10 - 2015-11-22 14:50 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 23:10 - 2015-11-22 14:48 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 23:10 - 2015-11-22 14:48 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 23:10 - 2015-11-22 14:48 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 23:10 - 2015-11-22 14:47 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 23:10 - 2015-11-22 14:47 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 23:10 - 2015-11-22 14:41 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 18:07 - 2015-12-03 18:07 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-12-03 18:07 - 2015-11-25 00:12 - 00102704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-12-03 18:05 - 2015-11-25 04:37 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 37882672 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 22345336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 18389624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 15839392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 14844304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 13533416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 12870384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 02496816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435906.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435906.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 01016360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00877872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00823232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00501056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00422752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00413816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-12-03 18:05 - 2015-11-25 04:37 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-12-03 13:29 - 2015-12-03 13:29 - 00306699 _____ C:\Users\JR\Downloads\Resume.pdf
2015-12-01 13:46 - 2015-12-01 13:46 - 09736240 _____ (CyberGhost S.R.L. ) C:\Users\JR\Downloads\CG_5.5.0.2_7.exe
2015-11-27 19:06 - 2015-11-27 19:06 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-11-25 12:55 - 2015-11-21 11:51 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-11-25 12:55 - 2015-11-21 11:32 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-11-25 12:55 - 2015-11-21 11:14 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-25 12:55 - 2015-11-21 10:59 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-11-25 12:55 - 2015-11-21 10:37 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-23 20:42 - 2015-11-23 20:42 - 00306646 _____ C:\Users\JR\Downloads\JR Resume (word).pdf
2015-11-23 20:40 - 2015-11-23 20:40 - 00306647 _____ C:\Users\JR\Downloads\JR Resume 1 (word).pdf
2015-11-22 21:11 - 2015-11-13 00:07 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2015-11-20 15:12 - 2015-11-20 15:13 - 01686812 _____ C:\WINDOWS\Minidump\112015-18718-01.dmp
2015-11-20 15:12 - 2015-11-20 15:12 - 712377297 _____ C:\WINDOWS\MEMORY.DMP
2015-11-20 15:12 - 2015-11-20 15:12 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-20 12:58 - 2015-11-20 12:58 - 00000000 ____D C:\Users\JR\AppData\Roaming\NVIDIA
2015-11-20 12:00 - 2015-11-25 01:02 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 02983032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 02554672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-11-20 12:00 - 2015-11-25 01:02 - 00523384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-11-20 12:00 - 2015-11-25 01:02 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-11-20 12:00 - 2015-11-24 02:05 - 06049858 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-11-20 11:58 - 2015-11-26 06:04 - 11228488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-11-20 11:58 - 2015-11-25 04:37 - 03540360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-11-20 11:58 - 2015-11-25 04:37 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-11-20 11:58 - 2015-11-25 04:37 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-11-20 11:58 - 2015-11-25 04:37 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb
2015-11-20 11:58 - 2015-11-16 09:24 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll
2015-11-20 11:58 - 2015-11-16 09:24 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll
2015-11-19 17:05 - 2015-11-13 12:13 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-19 17:05 - 2015-11-13 12:13 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-19 17:05 - 2015-11-13 12:11 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-19 17:05 - 2015-11-13 12:11 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-19 17:05 - 2015-11-13 12:03 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-19 17:05 - 2015-11-13 11:51 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-19 17:05 - 2015-11-13 11:51 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-19 17:05 - 2015-11-13 11:48 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-19 17:05 - 2015-11-13 11:28 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-19 17:05 - 2015-11-13 11:09 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-19 17:05 - 2015-11-13 10:59 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-19 17:05 - 2015-11-13 10:49 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-19 17:04 - 2015-11-13 12:25 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-19 17:04 - 2015-11-13 12:21 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-19 17:04 - 2015-11-13 12:21 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-19 17:04 - 2015-11-13 12:21 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-19 17:04 - 2015-11-13 12:13 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-19 17:04 - 2015-11-13 12:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-19 17:04 - 2015-11-13 12:13 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-19 17:04 - 2015-11-13 12:13 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-19 17:04 - 2015-11-13 12:13 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-19 17:04 - 2015-11-13 12:12 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-19 17:04 - 2015-11-13 12:12 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-19 17:04 - 2015-11-13 12:12 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-19 17:04 - 2015-11-13 12:03 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-19 17:04 - 2015-11-13 12:03 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-19 17:04 - 2015-11-13 12:02 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-19 17:04 - 2015-11-13 11:51 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-19 17:04 - 2015-11-13 11:49 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-19 17:04 - 2015-11-13 11:39 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-19 17:04 - 2015-11-13 11:37 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-19 17:04 - 2015-11-13 11:36 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-19 17:04 - 2015-11-13 11:35 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-19 17:04 - 2015-11-13 11:35 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-19 17:04 - 2015-11-13 11:35 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-19 17:04 - 2015-11-13 11:35 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-19 17:04 - 2015-11-13 11:34 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-19 17:04 - 2015-11-13 11:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-19 17:04 - 2015-11-13 11:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-19 17:04 - 2015-11-13 11:33 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-19 17:04 - 2015-11-13 11:33 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-19 17:04 - 2015-11-13 11:32 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-19 17:04 - 2015-11-13 11:32 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-19 17:04 - 2015-11-13 11:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-19 17:04 - 2015-11-13 11:30 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-19 17:04 - 2015-11-13 11:30 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-19 17:04 - 2015-11-13 11:29 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-19 17:04 - 2015-11-13 11:28 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-19 17:04 - 2015-11-13 11:27 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-19 17:04 - 2015-11-13 11:27 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-19 17:04 - 2015-11-13 11:26 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-19 17:04 - 2015-11-13 11:26 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-19 17:04 - 2015-11-13 11:26 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-19 17:04 - 2015-11-13 11:25 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-19 17:04 - 2015-11-13 11:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-19 17:04 - 2015-11-13 11:24 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-19 17:04 - 2015-11-13 11:23 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-19 17:04 - 2015-11-13 11:23 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-19 17:04 - 2015-11-13 11:20 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-19 17:04 - 2015-11-13 11:19 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-19 17:04 - 2015-11-13 11:10 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-19 17:04 - 2015-11-13 11:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-19 17:04 - 2015-11-13 11:07 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-19 17:04 - 2015-11-13 11:04 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-19 17:04 - 2015-11-13 11:03 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-19 17:04 - 2015-11-13 11:02 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-19 17:04 - 2015-11-13 11:00 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-19 17:04 - 2015-11-13 11:00 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-19 17:04 - 2015-11-13 10:58 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-19 17:04 - 2015-11-13 10:57 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-19 17:04 - 2015-11-13 10:53 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-19 15:33 - 2015-11-19 15:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-18 21:57 - 2015-11-18 21:57 - 00000000 ____D C:\Users\JR\Documents\KONAMI
2015-11-18 21:53 - 2015-11-18 21:53 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-11-18 21:52 - 2015-11-18 21:53 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-11-18 21:05 - 2015-11-18 21:05 - 00000611 _____ C:\Users\Public\Desktop\PES 2016.lnk
2015-11-18 10:06 - 2015-11-18 10:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-18 10:03 - 2015-11-18 10:03 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-18 10:03 - 2015-11-18 10:03 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-18 10:03 - 2015-11-18 10:03 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-18 10:03 - 2015-11-18 10:03 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-18 10:03 - 2015-11-18 10:03 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-18 10:03 - 2015-11-18 10:03 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-18 10:03 - 2015-11-18 10:03 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-18 10:03 - 2015-11-18 10:03 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-18 10:03 - 2015-11-18 10:03 - 00000000 ____D C:\Windows.old
2015-11-18 10:02 - 2015-11-18 10:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\Program Files\MSBuild
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-18 09:59 - 2015-11-18 09:59 - 00000000 ____D C:\inetpub
2015-11-18 09:59 - 2015-11-17 20:53 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-18 09:58 - 2015-10-24 07:17 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-18 09:58 - 2015-10-24 07:17 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-18 09:58 - 2015-10-24 07:17 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-18 09:58 - 2015-10-24 07:16 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-18 09:58 - 2015-10-24 07:16 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-18 09:58 - 2015-10-24 07:15 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-17 21:08 - 2015-11-17 21:08 - 00000000 ____D C:\Users\JR\AppData\Local\ActiveSync
2015-11-17 21:06 - 2015-11-17 21:06 - 00000020 ___SH C:\Users\JR\ntuser.ini
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default\My Documents
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-11-17 21:00 - 2015-12-11 18:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-17 20:52 - 2015-11-17 20:52 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-17 20:52 - 2015-11-17 20:52 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-11-17 20:52 - 2015-11-17 20:52 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-11-17 20:48 - 2015-11-17 20:48 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-11-17 20:47 - 2015-11-17 20:53 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-17 20:45 - 2015-12-12 07:53 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-17 20:45 - 2015-12-11 19:02 - 01011572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-17 20:45 - 2015-12-11 18:55 - 00000000 ____D C:\Users\JR
2015-11-17 20:45 - 2015-11-17 20:58 - 01027412 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\JR\My Documents
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\JR\Documents\My Videos
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\JR\Documents\My Pictures
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\JR\Documents\My Music
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-11-17 20:45 - 2015-11-17 20:45 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-11-17 20:41 - 2015-12-12 10:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-17 20:41 - 2015-12-11 18:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-17 20:41 - 2015-12-03 18:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-17 20:41 - 2015-11-20 12:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-17 20:41 - 2015-11-17 20:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-11-17 20:41 - 2015-11-17 20:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-11-17 20:41 - 2015-11-17 20:41 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-17 20:41 - 2015-11-17 20:41 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-11-17 20:41 - 2015-11-17 20:41 - 00000000 ____D C:\Program Files\Realtek
2015-11-17 20:41 - 2015-09-08 10:18 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-11-17 20:40 - 2015-11-17 20:48 - 00000000 ____D C:\Program Files\Intel
2015-11-17 20:40 - 2015-10-30 12:47 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-17 20:37 - 2015-11-17 20:54 - 00338728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-17 19:39 - 2015-11-17 19:39 - 72130584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2015-11-17 19:39 - 2015-11-17 19:39 - 13242880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 13078352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 12126952 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxVoiceAPO30.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-11-17 19:39 - 2015-11-17 19:39 - 04518136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-11-17 19:39 - 2015-11-17 19:39 - 03709056 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2015-11-17 19:39 - 2015-11-17 19:39 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 03269440 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 02999808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 02935544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 02880873 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-11-17 19:39 - 2015-11-17 19:39 - 02856704 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 02719992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-11-17 19:39 - 2015-11-17 19:39 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 02001056 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01991784 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01766136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01764432 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01416832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01351176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01231248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01183352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 01015608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00930848 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00784312 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00759208 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00693032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00692520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00659872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00657304 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00591640 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00588120 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00545824 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00422432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00342280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00339136 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00283928 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00232712 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00212256 _____ (Waves Audio) C:\WINDOWS\system32\MaxxAudioVienna264.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00187280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00174632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00131024 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00084048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00079296 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2015-11-17 19:39 - 2015-11-17 19:39 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-11-17 19:00 - 2015-11-17 19:00 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-11-14 14:37 - 2015-11-14 16:12 - 00112745 _____ C:\Users\JR\Documents\TURKEY.pptx
2015-11-13 21:52 - 2015-11-17 22:27 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-11-13 21:52 - 2015-11-17 21:00 - 00003812 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-13 21:52 - 2015-11-17 21:00 - 00002982 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-11-13 21:52 - 2015-11-13 21:52 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-13 21:52 - 2015-11-13 21:52 - 00000000 ____D C:\Program Files\Dell Support Center

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 10:59 - 2015-10-30 11:58 - 00000000 ____D C:\Windows
2015-12-12 10:42 - 2015-09-08 09:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-12 10:42 - 2015-08-19 10:07 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 10:42 - 2015-08-17 03:59 - 00000000 __SHD C:\Users\JR\IntelGraphicsProfiles
2015-12-12 10:41 - 2015-09-12 10:38 - 00000435 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-12-12 07:53 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-12 07:53 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-12 07:53 - 2015-08-19 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-12 07:53 - 2015-08-19 09:57 - 00000000 ____D C:\Users\JR\AppData\Roaming\uTorrent
2015-12-12 07:53 - 2015-08-17 03:53 - 00000000 ____D C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-12 07:51 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\registration
2015-12-12 07:50 - 2015-09-08 09:26 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-12 00:29 - 2015-09-20 21:18 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1091303845-677649195-2790264629-1000UA.job
2015-12-12 00:21 - 2015-10-23 19:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-12 00:17 - 2015-08-19 10:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 20:02 - 2015-10-30 12:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-11 20:02 - 2015-08-17 05:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-11 19:58 - 2015-08-17 05:24 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-11 19:40 - 2015-10-30 12:54 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 19:40 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-11 19:23 - 2015-10-23 19:10 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-11 19:02 - 2015-10-30 12:51 - 00000000 ____D C:\WINDOWS\INF
2015-12-11 16:44 - 2015-10-30 11:58 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-11 16:43 - 2015-07-10 14:35 - 00000000 ____D C:\Users\Default.migrated
2015-12-09 09:09 - 2010-11-21 08:57 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-07 15:29 - 2015-09-20 21:18 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1091303845-677649195-2790264629-1000Core.job
2015-12-06 13:35 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\rescache
2015-12-06 00:43 - 2015-10-30 11:58 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 00:41 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-05 15:24 - 2015-09-20 21:18 - 00004018 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1091303845-677649195-2790264629-1000UA
2015-12-05 15:24 - 2015-09-20 21:18 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1091303845-677649195-2790264629-1000Core
2015-12-03 18:26 - 2015-08-17 03:15 - 00000000 ____D C:\Users\JR\AppData\Local\VirtualStore
2015-12-03 18:07 - 2015-08-17 04:32 - 00000000 ____D C:\Temp
2015-12-02 22:12 - 2015-08-19 10:07 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 22:12 - 2015-08-19 10:07 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 06:03 - 2015-10-30 12:56 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 06:03 - 2015-10-30 12:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-22 21:11 - 2015-08-17 04:08 - 00000000 ____D C:\Users\JR\AppData\Local\NVIDIA Corporation
2015-11-20 15:23 - 2015-09-10 09:35 - 00000000 ____D C:\Users\JR\AppData\Local\ElevatedDiagnostics
2015-11-20 15:21 - 2015-09-04 23:21 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-20 15:21 - 2015-09-04 23:21 - 00000000 ____D C:\Users\JR\.oracle_jre_usage
2015-11-20 15:21 - 2015-09-04 23:21 - 00000000 ____D C:\ProgramData\Oracle
2015-11-20 15:21 - 2015-09-04 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-20 15:21 - 2015-09-04 23:21 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-20 14:25 - 2015-09-06 09:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-20 14:21 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-20 14:21 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-20 14:21 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-20 14:21 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-20 14:21 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-20 14:21 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-20 12:00 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\Help
2015-11-20 11:59 - 2015-08-17 03:26 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-18 21:58 - 2015-09-28 11:17 - 00000000 ____D C:\ProgramData\Steam
2015-11-18 18:05 - 2015-08-17 03:37 - 00089648 _____ C:\Users\JR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-18 10:16 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-18 10:13 - 2015-09-06 09:18 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-18 10:06 - 2015-10-30 12:54 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-18 09:59 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-11-18 09:59 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-11-18 09:59 - 2015-10-30 12:49 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-11-18 09:59 - 2015-10-30 12:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-11-18 09:59 - 2015-10-30 12:49 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-11-18 09:59 - 2015-10-30 12:49 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-11-18 09:59 - 2015-10-30 12:49 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-11-18 09:59 - 2015-10-30 12:49 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-11-18 09:59 - 2015-10-30 12:49 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-11-18 09:59 - 2015-10-30 12:48 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-11-18 09:59 - 2015-10-30 12:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-11-18 09:59 - 2015-10-30 12:48 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-11-18 09:59 - 2015-10-30 12:48 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-11-18 09:59 - 2015-10-30 12:48 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-11-18 09:59 - 2015-10-30 12:48 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-11-18 09:59 - 2015-10-30 12:48 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-11-18 09:59 - 2015-10-30 12:48 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-11-18 09:59 - 2015-10-30 12:48 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-11-18 09:59 - 2015-10-30 12:48 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-11-17 22:51 - 2015-09-06 09:43 - 00000000 ___RD C:\Users\JR\OneDrive
2015-11-17 22:41 - 2015-09-08 02:37 - 00000000 ____D C:\ProgramData\PCDr
2015-11-17 21:26 - 2015-09-06 09:39 - 00000000 ____D C:\Users\JR\AppData\Local\Packages
2015-11-17 21:24 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-17 21:11 - 2015-09-06 09:43 - 00002360 _____ C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-17 21:07 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-17 21:07 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-17 21:05 - 2015-09-06 08:46 - 00023784 _____ C:\WINDOWS\diagerr.xml
2015-11-17 21:05 - 2015-09-06 08:46 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2015-11-17 21:02 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-17 21:00 - 2015-10-30 12:54 - 00000000 __RSD C:\WINDOWS\Media
2015-11-17 21:00 - 2015-09-20 21:10 - 00002290 _____ C:\WINDOWS\System32\Tasks\{6B45844A-E09F-4CB0-9B8B-F59C735B8B6A}
2015-11-17 21:00 - 2015-09-15 17:02 - 00002274 _____ C:\WINDOWS\System32\Tasks\{7DB62075-13C6-4FCB-9C42-774F84B96BF7}
2015-11-17 21:00 - 2015-09-10 11:06 - 00003280 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-11-17 21:00 - 2015-09-07 10:50 - 00003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-11-17 21:00 - 2015-09-07 10:41 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2015-11-17 21:00 - 2015-09-07 10:18 - 00003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2015-11-17 21:00 - 2015-09-07 10:18 - 00002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2015-11-17 21:00 - 2015-09-06 09:34 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-17 21:00 - 2015-08-17 11:41 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-17 21:00 - 2015-08-17 03:48 - 00002252 _____ C:\WINDOWS\System32\Tasks\{84CE4A7D-E4B3-437D-B476-6AE6F222BF0E}
2015-11-17 20:59 - 2015-10-30 12:54 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-17 20:53 - 2015-10-30 14:37 - 00000000 ____D C:\WINDOWS\ShellNew
2015-11-17 20:53 - 2015-10-07 19:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-17 20:53 - 2015-09-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-11-17 20:53 - 2015-09-08 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-17 20:53 - 2015-09-07 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2015-11-17 20:53 - 2015-08-17 05:04 - 00000000 ____D C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-17 20:53 - 2015-08-17 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-17 20:53 - 2015-08-17 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-17 20:53 - 2015-08-17 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-17 20:53 - 2015-08-17 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2015-11-17 20:50 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-11-17 20:50 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-11-17 20:49 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-17 20:49 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-17 20:49 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\IME
2015-11-17 20:49 - 2015-08-17 04:37 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\schemas
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-17 20:48 - 2015-10-30 12:54 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-17 20:48 - 2015-10-10 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-17 20:48 - 2015-09-08 23:55 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-17 20:48 - 2015-09-08 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-17 20:48 - 2015-09-07 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Dell
2015-11-17 20:37 - 2015-10-30 14:44 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-17 20:15 - 2015-10-30 15:12 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-17 14:18 - 2015-10-06 23:08 - 00000000 ____D C:\Users\JR\AppData\Roaming\DMCache
2015-11-15 23:58 - 2015-11-07 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 23:58 - 2015-08-19 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-13 00:07 - 2015-08-17 04:05 - 01828160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-11-13 00:07 - 2015-08-17 04:05 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-11-13 00:07 - 2015-08-17 04:05 - 01509824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-11-13 00:07 - 2015-08-17 04:05 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

==================== Files in the root of some directories =======

2015-11-17 20:41 - 2015-11-17 20:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\JR\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\JR\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\JR\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\JR\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-07 12:49

==================== End of FRST.txt ============================

Attached File  Addition.txt   37.06KB   1 downloads



#4 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 12 December 2015 - 08:06 AM

Hi Yılmaz...I hope you have seen my reply.. :bounce:



#5 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 12 December 2015 - 09:00 AM

Hi Rocky143,
 
Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
 

 

Step 1:
FRST Script:

Please download the attached file Fixlist.txt (3.47KB) and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 12 December 2015 - 11:32 AM

Hi Yilmaz, for doing the above steps, do I need to pause the protection of Kaspersky Internet Security and Windows Defender?



#7 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 12 December 2015 - 12:04 PM

Hi Yilmaz, for doing the above steps, do I need to pause the protection of Kaspersky Internet Security and Windows Defender?

This here

http://www.tenforums.com/tutorials/5918-windows-defender-turn-off-windows-10-a.html

https://www.reddit.com/r/Windows10/comments/34x6a2/howto_manually_disable_windows_defender/


Best regards
 

 


 


#8 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 13 December 2015 - 07:07 AM

Hello Yilmaz... I have done the procedures you have given, but there were some small problems.

1) In MBAM there was no clipboard option so I saved it in .text format, and I posted it below.

2) In EEK your procedure is a bit different, as I think the EEK software has a new look. It had 3 scan options: quick scan, malware scan, custom scan; there was no Full scan option (directly). I used malware scan and I also used custom scan, and I have attached both reports. I hope this is the information you need.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by JR (2015-12-13 12:17:34) Run:1
Running from C:\Users\JR\Desktop
Loaded Profiles: JR (Available Profiles: JR & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1091303845-677649195-2790264629-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\JR\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {19ABF803-63E2-48AA-A2DD-2EC9524B2D33} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {334350FC-49F1-4E15-ADEC-3E886D42E1C3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {35A52D6B-78E3-4E64-BBE9-98A6CC860845} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {364E75ED-D7EB-42A4-935E-142A74BC8907} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5A04DE66-BD55-4126-A108-4326FCC93C61} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {88A1921E-6A06-4620-BEB2-697BA75E0806} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {903A1AB5-02F8-402D-BCEE-CC6BB5B7D0D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A2B95672-CDC3-4C8D-B339-2E399C6C7C54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B6E5A815-875D-461B-A85C-4C3266A03445} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C27D9003-4851-4D64-ACC5-3DED8E061795} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E8251C3A-74E2-40F1-9620-27A951E8EE6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Cisco:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DBC14:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Visual Studio 8:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSBuild:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
FF user.js: detected! => C:\Users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\odleuqpo.default-1441326926000\user.js
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
U3 idsvc; no ImagePath
C:\WINDOWS\msdownld.tmp
C:\ProgramData\DP45977C.lfl
C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
C:\WINDOWS\system32\Drivers\etc\hosts.ics
C:\Users\JR\AppData\Roaming\uTorrent
C:\Users\JR\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\JR\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\JR\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\JR\AppData\Local\Temp\nvStInst.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Reboot:

 
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1091303845-677649195-2790264629-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19ABF803-63E2-48AA-A2DD-2EC9524B2D33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19ABF803-63E2-48AA-A2DD-2EC9524B2D33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{334350FC-49F1-4E15-ADEC-3E886D42E1C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{334350FC-49F1-4E15-ADEC-3E886D42E1C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35A52D6B-78E3-4E64-BBE9-98A6CC860845}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35A52D6B-78E3-4E64-BBE9-98A6CC860845}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{364E75ED-D7EB-42A4-935E-142A74BC8907}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{364E75ED-D7EB-42A4-935E-142A74BC8907}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A04DE66-BD55-4126-A108-4326FCC93C61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A04DE66-BD55-4126-A108-4326FCC93C61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88A1921E-6A06-4620-BEB2-697BA75E0806}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A1921E-6A06-4620-BEB2-697BA75E0806}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{903A1AB5-02F8-402D-BCEE-CC6BB5B7D0D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903A1AB5-02F8-402D-BCEE-CC6BB5B7D0D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2B95672-CDC3-4C8D-B339-2E399C6C7C54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2B95672-CDC3-4C8D-B339-2E399C6C7C54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6E5A815-875D-461B-A85C-4C3266A03445}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6E5A815-875D-461B-A85C-4C3266A03445}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C27D9003-4851-4D64-ACC5-3DED8E061795}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27D9003-4851-4D64-ACC5-3DED8E061795}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8251C3A-74E2-40F1-9620-27A951E8EE6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8251C3A-74E2-40F1-9620-27A951E8EE6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\Program Files\WinRAR => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Cisco => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\DBC14 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Dell => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Intel => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft Office => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft Visual Studio 8 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Mozilla Firefox => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\MSBuild => ":Win32App_1" ADS removed successfully.
C:\Program Files\Common Files\microsoft shared => ":Win32App_1" ADS removed successfully.
FF user.js: detected! => C:\Users\JR\AppData\Roaming\Mozilla\Firefox\Profiles\odleuqpo.default-1441326926000\user.js => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
idsvc => service removed successfully
C:\WINDOWS\msdownld.tmp => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} => moved successfully
C:\WINDOWS\system32\Drivers\etc\hosts.ics => moved successfully
C:\Users\JR\AppData\Roaming\uTorrent => moved successfully
C:\Users\JR\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\JR\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\JR\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\JR\AppData\Local\Temp\nvStInst.exe => moved successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 930.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:18:57 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/13/2015
Scan Time: 12:47 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.13.02
Rootkit Database: v2015.12.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: JR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383474
Time Elapsed: 15 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Emsisoft Emergency Kit - Version 10.0
Last update: 12/13/2015 3:35:03 PM
User account: JR-PC\JR

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    12/13/2015 3:36:05 PM

Scanned    75640
Found    0

Scan end:    12/13/2015 3:39:58 PM
Scan time:    0:03:53
 

Emsisoft Emergency Kit - Version 10.0
Last update: 12/13/2015 3:35:03 PM
User account: JR-PC\JR

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    12/13/2015 3:41:31 PM
E:\Games\Pro Evolution Soccer 2016\NoDVD\ALI213\PES2016.exe     detected: Gen:Variant.Vundo.8 (B)
E:\Games\Pro Evolution Soccer 2016\NoDVD\3DM\PES2016.exe     detected: Gen:Variant.Vundo.8 (B)

Scanned    366156
Found    2

Scan end:    12/13/2015 4:27:47 PM
Scan time:    0:46:16

E:\Games\Pro Evolution Soccer 2016\NoDVD\3DM\PES2016.exe    Quarantined Gen:Variant.Vundo.8 (B)
E:\Games\Pro Evolution Soccer 2016\NoDVD\ALI213\PES2016.exe    Quarantined Gen:Variant.Vundo.8 (B)

Quarantined    2
 



#9 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 13 December 2015 - 02:07 PM

hi yilmaz..is everything ok now in my log?



#10 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 13 December 2015 - 02:36 PM

Create a New Restore Point

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Disk cleanup in Windows 10
  • Reboot and see how it is.

Best regards
 

 


 


#11 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 14 December 2015 - 01:57 PM

If I run disk cleanup, will all files be deleted (docs, songs, movies)? Will everything be wiped out clean? Sorry for asking but I'm not sure...

Even if it's ok, why do I need to create a system restore before the procedure?


Edited by Rocky143, 14 December 2015 - 02:08 PM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 14 December 2015 - 04:54 PM

If I run disk cleanup, will all files be deleted (docs, songs, movies)? Will everything be wiped out clean? Sorry for asking but I'm not sure...

Even if it's ok, why do I need to create a system restore before the procedure?

No system restore. Just create a Restore Point. Read the manual again. Please run disk cleanup. No problem.


Best regards
 

 


 


#13 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 15 December 2015 - 03:44 AM

I did what you had said but there wasn't any significant change other than some 8gb was freed from my c: drive... and again when I selected the option it still says that I can free up 25.8gb space... I did exactly as you told by choosing the More Options tab and clicking the "Clean up" button under System Restore. Did I do something wrong?

 

Attached Files

  • Attached File  disk.png   33.13KB   0 downloads


#14 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 PM

Posted 15 December 2015 - 07:29 PM

There should not mark another box

Is there any problem after restarting the system?

But it would not be a problem, should not be. How is the machine behaving?


Best regards
 

 


 


#15 Rocky143

Rocky143
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  

Posted 16 December 2015 - 03:14 AM

Well, there is no problem, everything seems ok... I did a scan with Kaspersky and there is no detection of any virus or malware... everything is as usual as it was before. Also boot time reduced from 8.5 seconds to 7.9.

1) So you said to do disk cleanup by clicking the "Clean up" button under System Restore... what does it actually do? (Because it did not clear up any space)

2) Can I delete the software which I used for the malware problem -- FRST, EEK, MBAM?


Edited by Rocky143, 16 December 2015 - 01:43 PM.




