Hijackthis advises entries not running from system 32 folder and missing files


  • This topic is locked
4 replies to this topic

#1 Dkentuk


Posted 22 April 2016 - 01:12 PM

Hello

I would be very grateful if someone could please help me, as I think my PC may be infected. I ran a HijackThis scan and have 10 red crosses advising that files are not running from the system 32 folder (some are also listed as missing files) and that I have possible nasties. Please can someone check the enclosed FRST logs.

Many thanks

Daz

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Daz (administrator) on DAZ-PC (22-04-2016 19:09:19)
Running from C:\Users\Daz\Downloads
Loaded Profiles: Daz (Available Profiles: Daz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Users\Daz\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A1EDBEC-5B8B-4F19-93CE-B4D871C4A888}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2115939342-1916274226-45381908-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-2115939342-1916274226-45381908-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-23] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-23] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Daz\AppData\Roaming\Mozilla\Firefox\Profiles\bj78mhm6.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)
FF Extension: DownThemAll! - C:\Users\Daz\AppData\Roaming\Mozilla\Firefox\Profiles\bj78mhm6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-23] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-23] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 19:09 - 2016-04-22 19:09 - 00008888 _____ C:\Users\Daz\Downloads\FRST.txt
2016-04-22 18:42 - 2016-04-22 19:09 - 00000000 ____D C:\FRST
2016-04-22 18:40 - 2016-04-22 18:40 - 02375680 _____ (Farbar) C:\Users\Daz\Downloads\FRST64.exe
2016-04-22 18:27 - 2016-04-22 18:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Daz\Downloads\spybot-2.4.exe
2016-04-22 18:24 - 2016-04-22 18:24 - 00186880 _____ (CEXX.ORG) C:\Users\Daz\Downloads\LSPFix.exe
2016-04-22 18:20 - 2016-04-22 18:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\Daz\Downloads\HijackThis.exe
2016-04-20 23:26 - 2016-04-20 23:26 - 10328598 _____ (Nullsoft, Inc.) C:\Users\Daz\Downloads\winamp5666_full_en-us_redux.exe
2016-04-19 17:02 - 2016-04-19 17:02 - 00000000 ____D C:\Users\Daz\AppData\Roaming\Orbx systems
2016-04-18 17:53 - 2016-04-18 18:13 - 00001316 _____ C:\Users\Daz\Desktop\FTX Central 2.lnk
2016-04-18 17:51 - 2016-04-18 18:14 - 00000000 ____D C:\Users\Daz\AppData\Local\Orbx
2016-04-13 18:47 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 18:47 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 18:47 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 18:47 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 18:47 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 18:47 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 18:47 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 18:47 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 18:47 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 18:47 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 18:47 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 18:47 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 18:47 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 18:47 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 18:47 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 18:47 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 18:47 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 18:47 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 18:47 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 18:47 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 18:47 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 18:47 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 18:47 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 18:47 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 18:47 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 18:47 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 18:47 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 18:47 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 18:47 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 18:47 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 18:47 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 18:47 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 18:47 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 18:47 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 18:47 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 18:47 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 18:47 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 18:47 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 18:47 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 18:47 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 18:47 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 18:47 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 18:47 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 18:47 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 18:47 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 18:47 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 18:47 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 18:47 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 18:47 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 18:47 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 18:47 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 18:47 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 18:47 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 18:47 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 18:47 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 18:47 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 18:47 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 18:47 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 18:47 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 18:47 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 18:47 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 18:47 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 18:47 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 18:47 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 18:47 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 18:47 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 18:47 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 18:47 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 18:47 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 18:44 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 18:44 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 18:44 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 18:44 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 18:44 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 18:44 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 18:44 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 18:44 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 18:44 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 18:44 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 18:44 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 18:44 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 18:44 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 18:44 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 18:44 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 18:44 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 18:44 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 18:44 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 18:44 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 18:44 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 18:44 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 18:44 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 18:44 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 18:44 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 18:44 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 18:44 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 18:44 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 18:44 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 18:44 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 18:44 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 18:44 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 18:44 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 18:44 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 18:44 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 18:44 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 18:44 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 18:44 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 18:44 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 18:44 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 18:44 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 18:44 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 18:44 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 18:44 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 18:44 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 18:44 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 18:44 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 18:44 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 18:44 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 18:44 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 18:44 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 18:44 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 18:44 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 18:44 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 18:44 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 18:44 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 18:44 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 18:44 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 18:44 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 18:44 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 18:44 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 18:44 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 18:43 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 18:16 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 18:16 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 18:05 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 18:05 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 18:05 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 18:05 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 16:41 - 2016-04-13 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-13 16:25 - 2013-08-31 08:30 - 01188007 _____ C:\Users\Daz\Downloads\AOA_737NGX_FLIGHTWORK8_FOLLOWFILES.zip
2016-04-12 20:33 - 2016-04-12 20:33 - 00000000 ____D C:\Users\Daz\AppData\Roaming\HandBrake Team
2016-04-12 20:32 - 2016-04-12 20:32 - 00000000 ____D C:\Users\Daz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-11 18:22 - 2016-04-11 18:22 - 1023067821 _____ C:\Users\Daz\Downloads\b7abluc02-lucifer-revelation-by-paul-darrow.mp3c.zip
2016-04-11 18:19 - 2016-04-11 18:20 - 00000000 ____D C:\Users\Daz\Downloads\super traffic board
2016-04-10 18:36 - 2016-04-05 20:43 - 00126758 _____ C:\Users\Daz\Downloads\coupon040516p3d.zip
2016-04-10 15:50 - 2016-04-10 18:11 - 00000000 ____D C:\nhd
2016-04-09 15:06 - 2016-04-09 15:06 - 00000000 ____D C:\Users\Daz\Documents\Flight Simulator X Files
2016-04-08 18:56 - 2016-04-08 18:56 - 00000202 _____ C:\Users\Daz\Desktop\Microsoft Flight Simulator X Steam Edition.url
2016-04-02 19:37 - 2016-03-05 22:16 - 1393947445 _____ C:\Users\Daz\Downloads\V8.Supercars.2016.Round01.Adelaide.Race2.mkv
2016-04-02 18:07 - 2016-03-05 21:35 - 1843344202 _____ C:\Users\Daz\Downloads\V8.Supercars.2016.Round01.Adelaide.Race1.mkv
2016-03-31 12:45 - 2016-03-31 12:45 - 00000000 ____D C:\Users\Daz\AppData\Local\Alexander_Rahmlow
2016-03-31 11:53 - 2016-04-08 16:23 - 00000000 ____D C:\Program Files (x86)\FsMovMapServer2
2016-03-31 11:15 - 2015-03-10 21:32 - 03181319 _____ (Rahsim ) C:\Users\Daz\Downloads\FsMovMapServer203Setup.exe
2016-03-30 16:01 - 2016-03-30 16:01 - 00000000 ____D C:\Users\Daz\Downloads\STBDS_V32_FSX_Update
2016-03-30 15:58 - 2013-12-12 10:44 - 03621177 _____ C:\Users\Daz\Downloads\FsxUserGuide.pdf
2016-03-29 15:53 - 2016-03-29 15:53 - 00031473 _____ C:\Users\Daz\Downloads\May to july 16 films.pdf
2016-03-27 15:51 - 2016-01-15 06:25 - 35354739 _____ (Flying-W Simulation ) C:\Users\Daz\Downloads\STB_3.4.0.6_Prepar3D_V3.setup.exe
2016-03-27 15:50 - 2016-03-27 17:52 - 00000028 _____ C:\Users\Daz\Documents\codes stb.txt
2016-03-26 21:25 - 2016-03-26 21:25 - 00002786 _____ C:\Users\Daz\Unigine_Valley_Benchmark_1.0_20160326_2025.html
2016-03-26 19:14 - 2016-03-26 19:14 - 00000000 ____D C:\Users\Daz\AppData\Roaming\NVIDIA
2016-03-26 18:50 - 2016-03-26 18:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-26 18:49 - 2016-02-09 06:41 - 06368824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 02993720 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 01264696 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-03-26 18:49 - 2016-02-09 06:41 - 00530368 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-03-26 18:49 - 2016-02-09 06:41 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-03-26 18:49 - 2016-02-06 02:49 - 06154909 _____ C:\Windows\system32\nvcoproc.bin
2016-03-26 18:48 - 2016-03-26 18:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-26 18:47 - 2016-02-11 17:56 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-03-26 18:47 - 2016-02-11 17:56 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-03-26 18:47 - 2016-02-11 17:56 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 42982336 _____ C:\Windows\system32\nvcompiler.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 37616696 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 31081920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 24916536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 21193032 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 18758400 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 17625136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 16995576 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 16327896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 12383288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-03-26 18:47 - 2016-02-09 09:39 - 03684072 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 03259688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 02722872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436191.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436191.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00950328 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00691256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00469144 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-03-26 18:47 - 2016-02-09 09:39 - 00034905 _____ C:\Windows\system32\nvinfo.pb
2016-03-26 18:24 - 2016-03-26 18:24 - 00003600 _____ C:\Users\Daz\Documents\crapper.nip
2016-03-26 18:18 - 2016-02-11 21:45 - 335612944 _____ (NVIDIA Corporation) C:\Users\Daz\Downloads\361.91-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-03-26 13:54 - 2016-03-26 13:54 - 35517202 _____ C:\Users\Daz\Downloads\2016-03-23 18-39-02.mp4
2016-03-26 13:51 - 2016-03-26 13:51 - 32867651 _____ C:\Users\Daz\Downloads\2016-03-23 18-20-01.mp4
2016-03-25 20:19 - 2016-04-21 18:55 - 00000416 __RSH C:\ProgramData\ntuser.pol
2016-03-25 19:38 - 2016-03-25 19:38 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-03-25 19:37 - 2012-02-02 13:48 - 00527423 _____ ( ) C:\Users\Daz\Downloads\Lame_v3.99.3_for_Windows.exe
2016-03-23 21:36 - 2016-03-23 21:36 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458765414
2016-03-23 17:28 - 2016-03-23 17:23 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-23 17:24 - 2016-04-19 07:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-23 17:24 - 2016-03-23 17:24 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-23 17:24 - 2016-03-23 17:24 - 00000000 ____D C:\Users\Daz\AppData\Roaming\AVAST Software
2016-03-23 17:24 - 2016-03-23 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-23 17:23 - 2016-03-23 17:24 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-03-23 17:23 - 2016-03-23 17:24 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-03-23 17:23 - 2016-03-23 17:24 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-03-23 17:23 - 2016-03-23 17:24 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-03-23 17:23 - 2016-03-23 17:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-23 17:23 - 2016-03-23 17:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-23 17:23 - 2016-03-23 17:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-23 17:23 - 2016-03-23 17:23 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-23 17:23 - 2016-03-23 17:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-23 17:19 - 2016-03-23 21:59 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 17:17 - 2016-03-23 21:59 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 16:54 - 2016-03-23 16:54 - 05066104 _____ (AVAST Software) C:\Users\Daz\Downloads\avast_free_antivirus_setup_online_cnet2(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 18:24 - 2009-07-14 05:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-22 18:24 - 2009-07-14 05:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-22 18:20 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-22 18:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-22 18:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-21 18:57 - 2015-12-25 10:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 17:38 - 2015-12-25 20:13 - 00000000 ____D C:\Program Files (x86)\LOOT
2016-04-19 17:37 - 2015-12-25 20:13 - 00000000 ____D C:\Users\Daz\AppData\Local\LOOT
2016-04-19 17:16 - 2015-12-25 19:58 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-04-19 17:16 - 2015-12-25 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-04-19 17:16 - 2015-12-25 19:58 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-04-18 18:41 - 2015-12-25 11:32 - 01065984 _____ C:\Users\Daz\AppData\Local\file__0.localstorage
2016-04-18 18:13 - 2016-02-08 19:46 - 00000000 ____D C:\Users\Daz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
2016-04-17 01:31 - 2015-12-27 03:10 - 00000000 ____D C:\Users\Daz\AppData\Roaming\vlc
2016-04-17 01:10 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-16 17:22 - 2016-03-07 18:20 - 00000000 ____D C:\Users\Daz\Downloads\AOA 737ngx
2016-04-15 16:22 - 2016-01-06 08:30 - 00001365 _____ C:\Users\Daz\Documents\running log 2016.txt
2016-04-13 21:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 20:30 - 2015-12-24 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 20:30 - 2009-07-14 05:45 - 00293088 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 20:27 - 2015-12-25 09:51 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 20:26 - 2015-12-25 09:51 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-12 20:34 - 2016-01-16 18:03 - 00000000 ____D C:\Users\Daz\AppData\Roaming\HandBrake
2016-04-12 20:32 - 2016-01-16 18:03 - 00000824 _____ C:\Users\Daz\Desktop\Handbrake.lnk
2016-04-12 20:32 - 2016-01-16 18:03 - 00000000 ____D C:\Program Files\Handbrake
2016-04-10 09:27 - 2015-12-25 11:56 - 00000000 ____D C:\Users\Daz\Documents\My Games
2016-04-08 16:21 - 2016-02-16 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
2016-04-06 10:18 - 2010-11-21 04:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-01 16:22 - 2015-12-25 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-01 16:22 - 2015-12-25 10:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-26 21:25 - 2015-12-24 22:26 - 00000000 ____D C:\Users\Daz
2016-03-26 18:49 - 2015-12-25 11:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-26 18:49 - 2015-12-25 11:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-26 18:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2016-03-26 18:48 - 2015-12-25 16:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-25 21:03 - 2016-03-10 23:39 - 00000000 ____D C:\Users\Daz\AppData\Roaming\Audacity
2016-03-25 20:17 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-25 19:39 - 2016-03-10 23:39 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-03-25 19:26 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-12-25 11:32 - 2016-04-18 18:41 - 1065984 _____ () C:\Users\Daz\AppData\Local\file__0.localstorage

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 18:05

==================== End of FRST.txt ============================



Edited by Dkentuk, 22 April 2016 - 01:19 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 23 April 2016 - 07:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

p.s.
HijackThis is no longer supported and is not ready for your operating system.
It's reporting false positive entries.
I suggest you remove it via the Control Panel > Programs > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>

If you have any difficulties with your computer please explain.

#3 Dkentuk


Posted 24 April 2016 - 04:16 AM

Hello

Thank you for checking the log files for me; I am happy that I don't have any malware. Re HijackThis: I downloaded it as an exe file and there does not appear to be an entry in Add/Remove Programs for it. Can I just delete the exe file? (380k size)

Kind regards

Daz



#4 nasdaq


Posted 24 April 2016 - 07:59 AM

Yes, just delete the file.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq


Posted 30 April 2016 - 06:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



