
Internet Turning off randomly


  • This topic is locked
15 replies to this topic

#1 tanhed123


Posted 02 May 2016 - 10:21 PM

Every once in a while my computer cannot find internet for some reason, even though people in my house still have internet. Also, sometimes when playing a video it blinks black for one second and then says my video card stopped responding and recovered. Can you help me diagnose if I have some kind of virus?
 


Edited by tanhed123, 02 May 2016 - 10:21 PM.




#2 tanhed123


Posted 02 May 2016 - 10:32 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016

Ran by Kevin (administrator) on DESKTOP-O508F63 (02-05-2016 23:25:15)

Running from C:\Users\Kevin\Downloads

Loaded Profiles: Kevin (Available Profiles: Kevin)

Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-02-29] (SUPERAntiSpyware)

HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\Run: [Viber] => C:\Users\Kevin\AppData\Local\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{1eebd50f-90d3-456b-8e45-267cf54c0d02}: [DhcpNameServer] 192.168.0.1

Internet Explorer:

==================

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-30] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-30] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-30] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-30] (Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-30] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-30] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-30] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-30] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\k3d8r146.default

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-30] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-30] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-18] (Google Inc.)

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-03-16] [not signed]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:

=======

CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-16]

CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-16]

CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]

CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-16]

CHR Extension: (Adblock Plus) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-28]

CHR Extension: (Google Sheets) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-16]

CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]

CHR Extension: (Flashcontrol) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-04-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]

CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838760 2016-04-24] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-26] (SurfRight B.V.)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-27] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-04-27] (Bitdefender)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-04-27] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-04-27] (BitDefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-04-27] (BitDefender LLC)

S4 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)

R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek                                            )

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [43704 2015-11-16] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-24] ()

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-04-27] (BitDefender S.R.L.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-10] (Wellbia.com Co., Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 23:25 - 2016-05-02 23:25 - 00017418 _____ C:\Users\Kevin\Downloads\FRST.txt

2016-05-02 23:25 - 2016-05-02 23:25 - 00000000 ____D C:\FRST

2016-05-02 23:24 - 2016-05-02 23:25 - 02377216 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe

2016-05-02 23:08 - 2016-05-02 23:08 - 00000222 _____ C:\Users\Kevin\Desktop\Battleborn.url

2016-04-30 19:43 - 2016-04-30 19:43 - 00000000 ____D C:\Users\Kevin\Documents\Custom Office Templates

2016-04-30 17:41 - 2016-05-02 20:17 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\ViberPC

2016-04-30 17:41 - 2016-04-30 17:41 - 00001033 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk

2016-04-30 17:41 - 2016-04-30 17:41 - 00001031 _____ C:\Users\Kevin\Desktop\Viber.lnk

2016-04-30 17:41 - 2016-04-30 17:41 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\NVIDIA

2016-04-30 17:41 - 2016-04-30 17:41 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber

2016-04-30 17:41 - 2016-04-30 17:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\Viber

2016-04-30 17:41 - 2016-04-30 17:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\Package Cache

2016-04-30 17:39 - 2016-04-30 17:41 - 105462592 _____ (Viber Media Inc.) C:\Users\Kevin\Downloads\ViberSetup.exe

2016-04-30 17:25 - 2016-04-30 17:25 - 00002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

2016-04-30 17:25 - 2016-04-30 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools

2016-04-30 17:21 - 2016-04-30 22:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-04-30 17:21 - 2016-04-30 17:21 - 03300032 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\Setup.x86.en-US_ProPlusRetail_QBWVN-BP7P8-K9FXB-J23RY-7MH7H_TX_PR_act_1_.exe

2016-04-30 17:21 - 2016-04-30 17:21 - 00000000 ____D C:\Program Files\Microsoft Office 15

2016-04-24 18:04 - 2016-04-24 18:04 - 00635120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll

2016-04-24 18:04 - 2016-04-24 18:04 - 00390408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll

2016-04-24 18:04 - 2016-04-24 18:04 - 00333080 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll

2016-04-24 18:04 - 2016-04-24 18:04 - 00088816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

2016-04-24 16:56 - 2016-04-24 16:56 - 03580480 _____ C:\Users\Kevin\Downloads\adwcleaner_5.113.exe

2016-04-24 16:01 - 2016-04-24 16:01 - 00439536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll

2016-04-24 16:01 - 2016-04-24 16:01 - 00267016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll

2016-04-24 16:01 - 2016-04-24 16:01 - 00243480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll

2016-04-24 16:01 - 2016-04-24 16:01 - 00085232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll

2016-04-20 15:44 - 2016-04-20 15:44 - 00003336 _____ C:\WINDOWS\System32\Tasks\{224AB43D-8785-47D5-AE4D-B3ADCD6A33AB}

2016-04-15 18:32 - 2016-04-15 18:33 - 19765832 _____ C:\Users\Kevin\Downloads\RogueKiller.exe

2016-04-15 17:44 - 2016-04-15 18:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe

2016-04-15 17:44 - 2016-04-15 18:36 - 00002276 _____ C:\Users\Kevin\Desktop\Rkill.txt

2016-04-15 16:17 - 2016-04-15 16:17 - 00000564 _____ C:\Users\Kevin\Documents\starburn.txt

2016-04-15 16:17 - 2016-04-15 16:17 - 00000000 ____D C:\ProgramData\Wondershare

2016-04-15 16:13 - 2016-04-15 16:25 - 00000000 ____D C:\Users\Kevin\Documents\Wondershare Filmora

2016-04-15 16:13 - 2016-04-15 16:13 - 00000993 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk

2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\Users\Kevin\AppData\Local\Wondershare

2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\ProgramData\Wondershare Video Editor

2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\Program Files\Wondershare

2016-04-15 16:12 - 2016-04-15 16:13 - 00000000 ____D C:\Users\Public\Documents\Wondershare

2016-04-15 16:11 - 2016-04-15 16:17 - 01206416 _____ C:\Users\Kevin\Downloads\filmora_setup_full846.exe

2016-04-14 16:13 - 2016-04-15 17:48 - 00000554 _____ C:\Users\Kevin\Desktop\JRT.txt

2016-04-14 16:10 - 2016-04-15 17:46 - 01610352 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT.exe

2016-04-14 16:07 - 2016-04-30 20:02 - 00000000 ____D C:\AdwCleaner

2016-04-13 14:14 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-04-13 14:14 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-04-13 14:14 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-13 14:14 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-04-13 14:14 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2016-04-13 14:14 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-04-13 14:14 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-04-13 14:14 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-04-13 14:14 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-04-13 14:14 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2016-04-13 14:14 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-04-13 14:14 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-04-13 14:14 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-04-13 14:14 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-04-13 14:14 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2016-04-13 14:14 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-04-13 14:14 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-04-13 14:14 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-04-13 14:14 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2016-04-13 14:14 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-04-13 14:14 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2016-04-13 14:14 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-04-13 14:14 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-04-13 14:14 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-04-13 14:14 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-04-13 14:14 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-04-13 14:14 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-04-13 14:14 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-04-13 14:14 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2016-04-13 14:14 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2016-04-13 14:14 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-04-13 14:14 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-04-13 14:14 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-04-13 14:14 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-04-13 14:14 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-04-13 14:14 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-04-13 14:14 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-04-13 14:14 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-04-13 14:14 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-04-13 14:14 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-04-13 14:14 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-04-13 14:14 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-04-13 14:14 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-04-13 14:14 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-04-13 14:14 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-04-13 14:14 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-04-13 14:14 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-04-13 14:14 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-04-13 14:14 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-04-13 14:14 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-04-13 14:14 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-04-13 14:14 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-04-13 14:14 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-04-13 14:14 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-04-13 14:14 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-04-13 14:14 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-04-13 14:14 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-04-13 14:13 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-04-13 14:13 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2016-04-13 14:13 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2016-04-13 14:13 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2016-04-13 14:13 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-04-13 14:13 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-04-13 14:13 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-04-13 14:13 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2016-04-13 14:13 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-04-13 14:13 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

2016-04-13 14:13 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-04-13 14:13 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-04-13 14:13 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-04-13 14:13 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-04-13 14:13 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-04-13 14:13 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-04-13 14:13 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2016-04-13 14:13 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2016-04-13 14:13 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2016-04-13 14:13 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-04-13 14:13 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2016-04-13 14:13 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys

2016-04-13 14:13 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

2016-04-13 14:13 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-04-13 14:13 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2016-04-13 14:13 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-04-13 14:13 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe

2016-04-13 14:13 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-04-13 14:13 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-04-13 14:13 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-04-13 14:13 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2016-04-13 14:13 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2016-04-13 14:13 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-04-13 14:13 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2016-04-13 14:13 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2016-04-13 14:13 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-04-13 14:13 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys

2016-04-13 14:13 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2016-04-13 14:13 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

2016-04-13 14:13 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-04-13 14:13 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-04-13 14:13 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-04-13 14:13 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-04-13 14:13 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2016-04-13 14:13 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-04-13 14:13 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-04-13 14:13 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2016-04-13 14:13 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2016-04-13 14:13 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2016-04-13 14:13 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2016-04-13 14:13 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll

2016-04-13 14:13 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2016-04-13 14:13 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-04-13 14:13 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-04-13 14:13 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2016-04-13 14:13 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-04-13 14:13 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2016-04-13 14:13 - 2016-03-29 03:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2016-04-13 14:13 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2016-04-13 14:13 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-04-13 14:13 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-04-13 14:13 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-04-13 14:13 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2016-04-13 14:13 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-04-13 14:13 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-04-13 14:13 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-04-13 14:13 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2016-04-13 14:13 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2016-04-13 14:13 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2016-04-13 14:13 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-04-13 14:13 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2016-04-13 14:13 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2016-04-13 14:13 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-04-13 14:13 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-04-13 14:13 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2016-04-13 14:13 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-04-13 14:13 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll

2016-04-13 14:13 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-04-13 14:13 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2016-04-13 14:13 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll

2016-04-13 14:13 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2016-04-13 14:13 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2016-04-13 14:13 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2016-04-13 14:13 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-04-13 14:13 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2016-04-13 14:13 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2016-04-13 14:13 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-04-13 14:13 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-04-13 14:13 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2016-04-13 14:13 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2016-04-13 14:13 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2016-04-13 14:13 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2016-04-13 14:13 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2016-04-13 14:13 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2016-04-13 14:13 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2016-04-13 14:13 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-04-13 14:13 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2016-04-13 14:13 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

2016-04-13 14:13 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-04-13 14:13 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-04-13 14:13 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll

2016-04-13 14:13 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2016-04-13 14:13 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2016-04-13 14:13 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2016-04-13 14:13 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2016-04-13 14:13 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2016-04-13 14:13 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-04-13 14:13 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-04-13 14:13 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2016-04-13 14:13 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

2016-04-13 14:13 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2016-04-13 14:13 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

2016-04-13 14:13 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2016-04-13 14:13 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2016-04-13 14:13 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2016-04-13 14:12 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

2016-04-13 14:12 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2016-04-13 14:12 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2016-04-13 14:12 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll

2016-04-13 14:12 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

2016-04-13 14:12 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll

2016-04-13 14:12 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-04-13 14:12 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-04-13 14:12 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2016-04-13 14:12 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2016-04-13 14:12 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-04-13 14:12 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

2016-04-13 14:12 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

2016-04-13 14:12 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-04-13 14:12 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2016-04-13 14:12 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-04-13 14:12 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

2016-04-13 14:12 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll

2016-04-13 14:12 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll

2016-04-13 14:12 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll

2016-04-13 14:12 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll

2016-04-13 14:12 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll

2016-04-13 14:12 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll

2016-04-13 14:12 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll

2016-04-13 14:12 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-04-13 14:12 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

2016-04-13 14:12 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

2016-04-13 14:12 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2016-04-13 14:12 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll

2016-04-13 14:12 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll

2016-04-13 14:12 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll

2016-04-13 14:12 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe

2016-04-13 14:12 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll

2016-04-13 14:12 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-04-13 14:12 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

2016-04-13 14:12 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-04-13 14:12 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

2016-04-13 14:12 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll

2016-04-13 14:12 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-04-13 14:12 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys

2016-04-13 14:12 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll

2016-04-13 14:12 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-04-13 14:12 - 2016-03-29 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys

2016-04-13 14:12 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll

2016-04-13 14:12 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe

2016-04-13 14:12 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

2016-04-13 14:12 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll

2016-04-13 14:12 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-04-13 14:12 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2016-04-13 14:12 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2016-04-13 14:12 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys

2016-04-13 14:12 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-04-13 14:12 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2016-04-13 14:12 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-04-13 14:12 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

2016-04-13 14:12 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll

2016-04-13 14:12 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2016-04-13 14:12 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2016-04-13 14:12 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

2016-04-13 14:12 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-04-13 14:12 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

2016-04-13 14:12 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

2016-04-13 14:12 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll

2016-04-13 14:12 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-04-13 14:12 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-04-13 14:12 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2016-04-13 14:12 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-13 14:12 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll

2016-04-13 14:12 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll

2016-04-13 14:12 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll

2016-04-13 14:12 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll

2016-04-13 14:12 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2016-04-13 14:12 - 2016-03-29 03:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS

2016-04-13 14:12 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-04-13 14:12 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll

2016-04-13 14:12 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll

2016-04-13 14:12 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-04-13 14:12 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll

2016-04-13 14:12 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2016-04-13 14:12 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2016-04-13 14:12 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-04-13 14:12 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe

2016-04-13 14:12 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2016-04-13 14:12 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2016-04-13 14:12 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys

2016-04-13 14:12 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll

2016-04-13 14:12 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll

2016-04-13 14:12 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2016-04-13 14:12 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

2016-04-13 14:12 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2016-04-13 14:12 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

2016-04-13 14:12 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-04-13 14:12 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll

2016-04-13 14:12 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

2016-04-13 14:12 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-13 14:12 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2016-04-13 14:12 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll

2016-04-13 14:12 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2016-04-13 14:12 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-04-13 14:12 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2016-04-13 14:12 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2016-04-13 14:12 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2016-04-13 14:12 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

2016-04-13 14:12 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2016-04-13 14:12 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-04-13 14:12 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll

2016-04-13 14:12 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2016-04-13 14:12 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-04-13 14:12 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2016-04-13 14:12 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2016-04-13 14:12 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-04-13 14:12 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll

2016-04-13 14:12 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2016-04-13 14:12 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2016-04-13 14:12 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2016-04-13 14:12 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL

2016-04-13 14:12 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

2016-04-13 14:12 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

2016-04-12 00:14 - 2016-04-12 00:22 - 551636111 _____ C:\Users\Kevin\Downloads\fantasmes-shana-lane-1.mp4

2016-04-10 21:37 - 2016-04-10 22:45 - 00036904 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys

2016-04-10 21:37 - 2016-04-10 22:13 - 00000000 ____D C:\Users\Kevin\Documents\DragonNest

2016-04-10 20:30 - 2016-04-10 20:31 - 00000000 ____D C:\Users\Kevin\AppData\Local\NexonLauncher

2016-04-10 20:30 - 2016-04-10 20:30 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\NexonLauncher

2016-04-10 20:29 - 2016-04-10 20:29 - 10274904 _____ C:\Users\Kevin\Downloads\NexonLauncherSetup.exe

2016-04-10 20:29 - 2016-04-10 20:29 - 00002156 _____ C:\Users\Kevin\Desktop\Nexon Launcher.lnk

2016-04-10 20:29 - 2016-04-10 20:29 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon

2016-04-10 20:29 - 2016-04-10 20:29 - 00000000 ____D C:\Program Files (x86)\Nexon

2016-04-05 18:34 - 2016-04-05 18:34 - 00040924 __RSH C:\ProgramData\ntuser.pol

2016-04-05 18:31 - 2016-04-05 18:35 - 00000000 ____D C:\ProgramData\TEMP

2016-04-05 18:31 - 2016-04-05 18:31 - 04274096 _____ (BrightFort LLC ) C:\Users\Kevin\Downloads\spywareblastersetup54.exe

2016-04-05 18:31 - 2016-04-05 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2016-04-05 18:31 - 2016-04-05 18:31 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2016-04-05 18:31 - 2012-05-02 11:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX

2016-04-05 18:31 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL

2016-04-05 18:18 - 2016-04-05 18:18 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com

2016-04-05 18:18 - 2016-04-05 18:18 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2016-04-05 18:18 - 2016-04-05 18:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2016-04-05 18:18 - 2016-04-05 18:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2016-04-05 18:17 - 2016-04-05 18:17 - 25266640 _____ (SUPERAntiSpyware) C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe

2016-04-02 14:19 - 2016-04-02 14:19 - 00000000 ____D C:\Users\Kevin\Downloads\Bitdefender Safepay

2016-04-02 14:16 - 2016-04-02 14:16 - 00000000 ____D C:\Users\Kevin\AppData\Temp

2016-04-02 14:15 - 2016-04-27 20:13 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys

2016-04-02 14:13 - 2016-05-02 20:17 - 00017978 _____ C:\bdlog.txt

2016-04-02 14:13 - 2016-04-02 14:13 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C

2016-04-02 14:13 - 2016-04-02 14:13 - 00002274 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk

2016-04-02 14:13 - 2016-04-02 14:13 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml

2016-04-02 14:13 - 2016-04-02 14:13 - 00000385 _____ C:\Users\Kevin\AppData\Roaminguser_gensett.xml

2016-04-02 14:13 - 2016-04-02 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016

2016-04-02 14:13 - 2016-04-02 14:13 - 00000000 ____D C:\ProgramData\BDLogging

2016-04-02 14:13 - 2009-07-14 13:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll

2016-04-02 14:12 - 2016-04-27 20:13 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys

2016-04-02 14:12 - 2016-04-27 20:13 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys

2016-04-02 14:12 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys

2016-04-02 14:12 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys

2016-04-02 14:12 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll

2016-04-02 14:11 - 2016-04-02 14:13 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Bitdefender

2016-04-02 14:10 - 2016-04-27 20:14 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys

2016-04-02 14:10 - 2016-04-27 20:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys

2016-04-02 14:10 - 2016-04-02 14:16 - 00000000 ____D C:\ProgramData\Bitdefender

2016-04-02 14:10 - 2016-04-02 14:10 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan

2016-04-02 14:10 - 2016-04-02 14:10 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2016-04-02 14:10 - 2016-04-02 14:10 - 00000000 ____D C:\Program Files\Bitdefender

2016-04-02 14:08 - 2016-04-02 14:08 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2016-04-02 14:06 - 2016-05-02 23:17 - 00000000 ____D C:\Program Files\Bitdefender Agent

2016-04-02 14:06 - 2016-04-02 14:06 - 10314888 _____ C:\Users\Kevin\Downloads\bitdefender_windows_9431995b-82da-4b58-891b-a2e219586af0.exe

2016-04-02 14:06 - 2016-04-02 14:06 - 00000000 ____D C:\ProgramData\Bitdefender Agent

 

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 23:08 - 2016-02-18 23:21 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2016-05-02 22:42 - 2016-02-18 22:37 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-02 21:42 - 2016-02-18 22:37 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-02 20:23 - 2016-02-19 01:12 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-05-02 20:23 - 2016-02-19 00:23 - 00000000 ____D C:\WINDOWS\INF

2016-05-02 20:17 - 2016-03-30 23:58 - 00000000 ____D C:\ProgramData\NVIDIA

2016-05-02 20:17 - 2016-02-19 01:09 - 00000000 __SHD C:\Users\Kevin\IntelGraphicsProfiles

2016-05-02 20:17 - 2016-02-19 01:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-05-02 20:17 - 2016-02-19 01:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-05-02 20:17 - 2016-02-19 00:17 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-05-02 20:17 - 2016-02-18 22:50 - 00000000 ____D C:\Program Files (x86)\Steam

2016-05-02 18:43 - 2016-02-18 22:38 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-05-02 18:43 - 2016-02-18 22:38 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-05-01 22:06 - 2016-02-21 14:42 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps

2016-05-01 20:09 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-04-30 20:02 - 2016-02-19 01:04 - 00343256 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-04-30 17:32 - 2016-02-19 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-04-30 17:29 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\Packages

2016-04-30 17:29 - 2016-02-19 00:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-04-30 17:21 - 2016-02-19 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-04-29 10:57 - 2016-02-19 00:17 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM

2016-04-24 23:35 - 2016-02-21 14:35 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2016-04-21 10:06 - 2016-02-19 01:11 - 00002367 _____ C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-04-21 10:06 - 2016-02-19 01:11 - 00000000 ___RD C:\Users\Kevin\OneDrive

2016-04-19 09:31 - 2016-03-30 23:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-04-15 18:31 - 2016-03-15 23:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-04-15 17:42 - 2016-02-19 01:09 - 00000000 ____D C:\Users\Kevin

2016-04-14 03:57 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\rescache

2016-04-14 03:50 - 2016-02-19 00:19 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-04-14 03:36 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-04-14 03:36 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-04-14 03:36 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2016-04-14 03:36 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-04-13 18:18 - 2016-02-19 23:28 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-04-13 18:17 - 2016-02-19 23:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-04-10 22:00 - 2016-03-03 02:15 - 00000000 ____D C:\Users\Kevin\AppData\Local\Foxit Reader

2016-04-06 14:32 - 2016-02-19 00:25 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-04-06 14:32 - 2016-02-19 00:25 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2016-04-05 18:37 - 2016-02-21 14:49 - 00000000 ____D C:\ProgramData\HitmanPro

2016-04-05 18:34 - 2016-03-16 09:17 - 00000489 _____ C:\DelFix.txt

2016-04-05 18:34 - 2016-02-19 00:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2016-04-05 18:31 - 2016-02-19 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2016-02-19 01:05 - 2016-02-19 01:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2016-03-05 17:48 - 2016-03-19 12:06 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2016-04-20 11:24

==================== End of FRST.txt ============================



#3 tanhed123

Posted 02 May 2016 - 10:34 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Kevin (2016-05-02 23:25:41)
Running from C:\Users\Kevin\Downloads
Windows 10 Pro Version 1511 (X64) (2016-02-19 05:08:45)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-2927064332-1517903795-2755176479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2927064332-1517903795-2755176479-503 - Limited - Disabled)
Guest (S-1-5-21-2927064332-1517903795-2755176479-501 - Limited - Disabled)
Kevin (S-1-5-21-2927064332-1517903795-2755176479-1001 - Administrator - Enabled) => C:\Users\Kevin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Battleborn (HKLM\...\Steam App 394230) (Version:  - Gearbox Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.26.1418 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6769.2040 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.46 - NVIDIA Corporation) Hidden
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Viber (HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Viber (x32 Version: 6.0.1.5 - Viber Media Inc.) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Wondershare Filmora(Build 7.1.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2927064332-1517903795-2755176479-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10318F5D-A056-47D8-8A54-DB3BE66263AD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {148C98A4-70EE-4D82-9CA2-A872ACC8C726} - System32\Tasks\{01CFDB50-A5F5-4ED5-9197-C0F8622ED655} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {19FE8559-980A-4800-84E4-C71BE16B7F90} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1BEAB5B5-7B03-479A-9AF9-D36B10A9671E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {1F368F89-59F9-4712-8E9F-106AA4941AC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-30] (Microsoft Corporation)
Task: {254A659A-3124-4DEA-8682-B3BF1130E9AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {66DC298C-6CF2-4C8B-8E56-89CA40E7EABE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {76DC4309-75EF-4F5B-9B34-2C2D4AED8017} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {8DB099EC-B5CC-4DCE-A5EC-3A804E958C52} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-24] (Microsoft Corporation)
Task: {9A3D879F-CC34-4564-86EF-AD004778952B} - System32\Tasks\{224AB43D-8785-47D5-AE4D-B3ADCD6A33AB} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {9C5ABE56-7707-4DAE-AAD4-28A27E057F52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {A4A8628E-3033-4EF5-B9E0-D9CD7C62E379} - System32\Tasks\{698BAA7A-ED3A-48AD-9BEC-9C86CF50A2C3} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {BF85FA40-0896-4DA0-BBD3-523D153F9FD4} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [2016-04-27] (Bitdefender)
Task: {C0951833-31D9-448B-80A0-613973DE0DF0} - System32\Tasks\{3F8AE370-A598-4CA5-8D51-7A8B15B0BE09} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {EB83B838-6799-4D6A-8448-DA2C97437310} - System32\Tasks\{35696DF7-788C-4F20-A311-4F28FE9F1647} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {ED725C16-2331-450E-B7BC-D03CBD288D8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-30] (Microsoft Corporation)
Task: {FB8DAC75-D21C-4833-A43F-C83618AE6543} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-02 14:12 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-04-11 10:18 - 2016-04-11 10:18 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02151_003\ashttpbr.mdl
2016-04-11 10:18 - 2016-04-11 10:18 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02151_003\ashttpdsp.mdl
2016-04-11 10:18 - 2016-04-11 10:18 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02151_003\ashttpph.mdl
2016-04-11 10:18 - 2016-04-11 10:18 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02151_003\ashttprbl.mdl
2016-03-30 23:58 - 2016-03-21 22:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-30 17:21 - 2016-04-24 14:24 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00368184 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-13 14:14 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 14:14 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-21 10:05 - 2016-04-21 10:05 - 00959176 _____ () C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-04-30 17:26 - 2016-04-30 17:26 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 09:27 - 2016-04-19 09:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 00:48 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 14:12 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 14:12 - 2016-04-01 23:26 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-11-16 21:59 - 2015-11-16 21:59 - 00405416 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-13 14:13 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 14:13 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 14:14 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 14:14 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-13 14:13 - 2016-04-01 23:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-11-16 21:55 - 2015-11-16 21:55 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2016-04-30 10:04 - 2016-04-30 10:04 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-04-19 09:27 - 2016-04-19 09:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:27 - 2016-04-19 09:27 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-30 23:59 - 2016-03-24 01:35 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-21 10:05 - 2016-04-21 10:05 - 00679624 _____ () C:\Users\Kevin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-02-18 22:51 - 2016-03-10 20:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-18 22:51 - 2016-03-31 16:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-18 22:51 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-18 22:51 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-18 22:51 - 2016-03-31 16:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 23:10 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-18 22:51 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-15 16:13 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-04-15 16:13 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-02-18 22:51 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
AlternateDataStreams: C:\Users\Kevin\Downloads\adwcleaner_5.113.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\filmora_setup_full846.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\NexonLauncherSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\RogueKiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\Setup.x86.en-US_ProPlusRetail_QBWVN-BP7P8-K9FXB-J23RY-7MH7H_TX_PR_act_1_.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\spywareblastersetup54.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\ViberSetup.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-19 00:24 - 2016-05-02 23:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2927064332-1517903795-2755176479-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7E89E6FD-F468-443C-B77A-D5F03C3EE96A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F8508BD-8069-454E-B94B-21CC8EE0D9D4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1466C49A-7DB6-490B-B13B-05D9F123E555}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F5EE0ED-E61B-414A-A33D-9828BE5DE1A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3266C899-EB03-45B6-B8AB-92E49AD828A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A06F5FA7-0ABD-4771-B36F-D0378619498C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{421B5462-1187-40CF-BF6B-87631FF28A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{55CF0473-641B-48CA-9C03-B9DE38E64436}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{8C0ED6A1-FB3B-4449-9B3A-44AFE3A0684D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D735DD6B-284D-4CA7-A8EC-ABE15F4A4460}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5F20885C-5D4C-45FF-8B38-3FE534B887E1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B3019C50-C677-47BE-9AE3-F326DF001362}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B4C8D4B-5178-47D8-808F-7A83C293B22B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E6D44B1D-09D0-4B4D-8606-E8DBE145CCD0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8AA56551-FE89-43AD-A3B4-E6866CAB11C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7D5421B2-AC31-4154-8675-DBEDF98ABA77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{45C23D54-FE6E-4D82-9BFD-17BA3EF3AC4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8A8BA6AA-F399-4185-8FD1-831A9B19CA2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D2AB5A91-3B4F-4762-B529-4D3DF9FCEE86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7005F911-E3D3-48E9-A2B8-4C35A7B74CD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E5ED447E-5457-4D4F-9F14-773A02F70E0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{AD5C3ED2-3BD1-492B-A53A-C0FF7CFE461D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{C0A35AA7-6AD7-4323-821A-E3C128697853}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{18A86F69-9E3D-493C-AECD-2CEB02E7E274}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AD7095DB-2892-4658-853D-8F10D03C1DF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4A26EF3A-D35E-4BAF-AD6C-3E46B45CD4AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8C188F44-D72C-46BC-966D-368B5052F6CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1D5225D0-5A13-4956-A808-A824AC147337}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-04-2016 12:05:48 Scheduled Checkpoint
01-05-2016 12:31:00 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/01/2016 10:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x28d4
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x17a0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:44:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1cb8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:07:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0xdf8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x2a2c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 08:10:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (05/01/2016 12:59:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1f10
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 12:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/30/2016 08:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xbe4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (04/30/2016 08:02:18 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3044) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1601(dir.cxx:753): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 

System errors:
=============
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 08:18:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 08:18:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 08:17:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 08:17:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 

CodeIntegrity:
===================================
  Date: 2016-04-30 18:24:32.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-30 18:24:12.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-30 17:25:43.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-15 16:15:17.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-14 03:37:00.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-02 04:19:30.476
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-30 04:23:01.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-28 11:30:10.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 12:11:02.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-26 08:35:17.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 38%
Total physical RAM: 8104.27 MB
Available physical RAM: 4971.36 MB
Total Virtual: 9384.27 MB
Available Virtual: 5904.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.92 GB) (Free:167.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: D7916CC8)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Jo*

  • Malware Response Team

Posted 03 May 2016 - 02:54 AM


Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 tanhed123

  • Topic Starter

Posted 03 May 2016 - 11:39 AM

  Results of screen317's Security Check version 1.014 --- 12/23/15 

x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender       
Bitdefender Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.4   
 Google Chrome (49.0.2623.112)
 Google Chrome (50.0.2661.94)
 Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent```````` 
 Bitdefender Bitdefender 2016 vsserv.exe 
 Bitdefender Agent ProductAgentService.exe  
 Bitdefender Bitdefender 2016 updatesrv.exe 
 Bitdefender Bitdefender 2016 bdagent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Edited by tanhed123, 03 May 2016 - 11:40 AM.


#6 tanhed123

  • Topic Starter

Posted 03 May 2016 - 01:43 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org

Database version:

  main:    v2016.05.03.06

  rootkit: v2016.04.17.01

Windows 10 x64 NTFS

Internet Explorer 11.212.10586.0

Kevin :: DESKTOP-O508F63 [administrator]

5/3/2016 12:36:25 PM

mbar-log-2016-05-03 (12-36-25).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 332255

Time elapsed: 9 minute(s), 32 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)



#7 tanhed123

  • Topic Starter

Posted 03 May 2016 - 01:45 PM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Kevin (administrator) on 03-05-2016 at 14:44:43
Running from "C:\Users\Kevin\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: 20378 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ==============================
 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 

popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-O508F63
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : twmi.rr.com
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-76-1C-15-20-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : D0-7E-35-09-58-36
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : twmi.rr.com
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : D0-7E-35-09-58-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a490:cc08:c3d9:ef86%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.181(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 3, 2016 9:19:49 AM
   Lease Expires . . . . . . . . . . : Tuesday, May 10, 2016 9:19:49 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 47218229
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-58-61-3D-F0-76-1C-15-20-36
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : D0-7E-35-09-58-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.twmi.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : twmi.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1cf7:3717:b48d:dc3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cf7:3717:b48d:dc3%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-58-61-3D-F0-76-1C-15-20-36
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dlinkrouter
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:806::200e
   216.58.192.206
 

Pinging google.com [216.58.192.174] with 32 bytes of data:
Reply from 216.58.192.174: bytes=32 time=16ms TTL=53
Reply from 216.58.192.174: bytes=32 time=16ms TTL=53
 
Ping statistics for 216.58.192.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  dlinkrouter
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   206.190.36.45
   98.138.253.109
   98.139.183.24
 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=34ms TTL=49
Reply from 98.138.253.109: bytes=32 time=33ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 34ms, Average = 33ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...f0 76 1c 15 20 36 ......Realtek PCIe GBE Family Controller
  7...d0 7e 35 09 58 36 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...d0 7e 35 09 58 35 ......Intel® Dual Band Wireless-AC 3160
  4...d0 7e 35 09 58 39 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.181     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.181    266
    192.168.0.181  255.255.255.255         On-link     192.168.0.181    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.181    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.181    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.181    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  9    306 2001::/32                On-link
  9    306 2001:0:9d38:6ab8:1cf7:3717:b48d:dc3/128
                                    On-link
  3    266 fe80::/64                On-link
  9    306 fe80::/64                On-link
  9    306 fe80::1cf7:3717:b48d:dc3/128
                                    On-link
  3    266 fe80::a490:cc08:c3d9:ef86/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  9    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [55808] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
 
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 05 C:\WINDOWS\System32\mswsock.dll [312160] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\WINDOWS\System32\winrnr.dll [23552] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
 
Catalog5 07 C:\WINDOWS\System32\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/03/2016 01:45:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (05/01/2016 10:06:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x28d4
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:50:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x17a0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:44:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1cb8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:07:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0xdf8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 09:00:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x2a2c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 08:10:22 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (05/01/2016 12:59:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1f10
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (05/01/2016 12:31:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/30/2016 08:02:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xbe4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 

System errors:
=============
Error: (05/03/2016 01:37:14 PM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/03/2016 01:37:14 PM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/03/2016 10:42:41 AM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/03/2016 02:20:59 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/03/2016 12:12:30 AM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/03/2016 12:12:30 AM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/03/2016 12:04:49 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/02/2016 11:42:48 PM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:42:48 PM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (05/02/2016 11:08:48 PM) (Source: DCOM) (User: DESKTOP-O508F63)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-O508F63KevinS-1-5-21-2927064332-1517903795-2755176479-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 

Microsoft Office Sessions:
=========================
Error: (05/03/2016 01:45:54 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (05/01/2016 10:06:14 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3a28d401d1a417331c44edC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dll31600c9a-f486-42cc-8f1f-5d7cb7e09bb3Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 09:50:33 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3a17a001d1a412cd5a6c8eC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dll7d2d3e1a-5097-4011-a4e0-05ed7a9d9b79Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 09:44:24 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3a1cb801d1a40e085c4185C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dll0942fc60-496b-4517-8e25-b9849e17e202Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 09:07:58 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3adf801d1a407b2419a95C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dllb27fcbea-b4e6-4dba-9b4a-bda162606832Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 09:00:33 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3a2a2c01d1a40aea8ec9e7C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dlld6b6a9e9-88b5-4208-a24b-3d611c9dc013Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 08:10:22 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (05/01/2016 12:59:55 PM) (Source: Application Error)(User: )
Description: microsoftedgecp.exe11.0.10586.2056540c35igd10iumd64.dll10.18.15.427955db7ecec00000050000000000151c3a1f1001d1a3bcb7fd5da7C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\WINDOWS\SYSTEM32\igd10iumd64.dll10898a16-e12c-4e4e-864b-9280d0052c87Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (05/01/2016 12:31:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (04/30/2016 08:02:18 PM) (Source: Application Error)(User: )
Description: svchost.exe10.0.10586.05632d7baESENT.dll10.0.10586.21256fa1686c0000602000000000022885fbe401d1a226cb77dacfC:\WINDOWS\system32\svchost.exec:\windows\system32\ESENT.dll7827d29f-d81e-4de1-8845-b7980cf38bbe
 

CodeIntegrity Errors:
===================================
  Date: 2016-04-30 18:24:32.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-30 18:24:12.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-30 17:25:43.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-15 16:15:17.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-14 03:37:00.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-02 04:19:30.476
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-30 04:23:01.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-28 11:30:10.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 12:11:02.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-26 08:35:17.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

=========================== Installed Programs ============================
 
Battleborn (HKLM\...\Steam App 394230) (Version:  - Gearbox Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.26.1418 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6769.2040 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6729.1019 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.2.46 - NVIDIA Corporation) Hidden
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
Viber (HKCU\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Wondershare Filmora(Build 7.1.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
========================= Devices: ================================
 

========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 8104.27 MB
Available physical RAM: 3548.13 MB
Total Virtual: 9434.74 MB
Available Virtual: 3445.59 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:237.92 GB) (Free:147.27 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-O508F63
 
Administrator            DefaultAccount           Guest                   
Kevin                   
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
24-04-2016 16:05:48 Scheduled Checkpoint
01-05-2016 16:31:00 Scheduled Checkpoint
03-05-2016 05:45:52 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
 
**** End of log ****


#8 tanhed123

  • Topic Starter

Posted 03 May 2016 - 01:49 PM

# AdwCleaner v5.115 - Logfile created 03/05/2016 at 14:47:52
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Kevin - DESKTOP-O508F63
# Running from : C:\Users\Kevin\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 

***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ WMI ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 

***** [ Web browsers ] *****
 

*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1003 bytes] - [14/04/2016 16:08:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [1235 bytes] - [15/04/2016 17:42:11]
C:\AdwCleaner\AdwCleaner[C3].txt - [1282 bytes] - [24/04/2016 16:57:27]
C:\AdwCleaner\AdwCleaner[C4].txt - [1427 bytes] - [30/04/2016 20:02:11]
C:\AdwCleaner\AdwCleaner[C5].txt - [1006 bytes] - [03/05/2016 14:47:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [750 bytes] - [14/04/2016 16:07:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [975 bytes] - [15/04/2016 17:40:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1040 bytes] - [15/04/2016 17:48:43]
C:\AdwCleaner\AdwCleaner[S4].txt - [1120 bytes] - [24/04/2016 16:56:39]
C:\AdwCleaner\AdwCleaner[S5].txt - [1266 bytes] - [30/04/2016 20:01:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [1432 bytes] - [03/05/2016 13:31:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [1505 bytes] - [03/05/2016 14:47:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1588 bytes] ##########


#9 Jo*

  • Malware Response Team

Posted 03 May 2016 - 02:10 PM

Step 1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***



Step 3: Copy FRST / FRST64.exe to your desktop!

Log on to all your user accounts now - without restarting!

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
AlternateDataStreams: C:\Users\Kevin\Downloads\adwcleaner_5.113.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\filmora_setup_full846.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\NexonLauncherSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\RogueKiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\Setup.x86.en-US_ProPlusRetail_QBWVN-BP7P8-K9FXB-J23RY-7MH7H_TX_PR_act_1_.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\spywareblastersetup54.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\ViberSetup.exe:BDU [0]
EmptyTemp:
End



NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 tanhed123

  • Topic Starter

Posted 03 May 2016 - 04:33 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Kevin (2016-05-03 17:27:27) Run:1
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available Profiles: Kevin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
AlternateDataStreams: C:\Users\Kevin\Downloads\adwcleaner_5.113.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\filmora_setup_full846.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\NexonLauncherSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\RogueKiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\Setup.x86.en-US_ProPlusRetail_QBWVN-BP7P8-K9FXB-J23RY-7MH7H_TX_PR_act_1_.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\spywareblastersetup54.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe:BDU [0]
AlternateDataStreams: C:\Users\Kevin\Downloads\ViberSetup.exe:BDU [0]
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\Kevin\Downloads\adwcleaner_5.113.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\filmora_setup_full846.exe => ":BDU" ADS removed successfully.
"C:\Users\Kevin\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Kevin\Downloads\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\NexonLauncherSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\rkill.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\RogueKiller.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\Setup.x86.en-US_ProPlusRetail_QBWVN-BP7P8-K9FXB-J23RY-7MH7H_TX_PR_act_1_.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\spywareblastersetup54.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\SUPERAntiSpyware.exe => ":BDU" ADS removed successfully.
C:\Users\Kevin\Downloads\ViberSetup.exe => ":BDU" ADS removed successfully.
EmptyTemp: => 1.3 GB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 17:27:37 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64
Ran by Kevin (Administrator) on Tue 05/03/2016 at 17:08:18.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 0
 
 
 

Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/03/2016 at 17:12:03.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.05.03.07
  rootkit: v2016.04.17.01
 
Windows 10 x64 NTFS
Internet Explorer 11.212.10586.0
Kevin :: DESKTOP-O508F63 [administrator]
 
5/3/2016 5:09:13 PM
mbar-log-2016-05-03 (17-09-13).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 332139
Time elapsed: 9 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#11 Jo*

  • Malware Response Team

Posted 03 May 2016 - 05:14 PM


Hi,

Step 1: Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

***


Step 2: Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear.
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

***


Step 3: How is the computer running now?

---

Cheers,
Jo


#12 tanhed123

  • Topic Starter

Posted 03 May 2016 - 08:29 PM

Sophos did not find anything
 
Emsisoft Emergency Kit - Version 11.0
Last update: 5/3/2016 9:27:38 PM
User account: DESKTOP-O508F63\Kevin
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 5/3/2016 9:27:43 PM
 
Scanned 73420
Found 0
 
Scan end: 5/3/2016 9:28:03 PM
Scan time: 0:00:20

Edited by tanhed123, 03 May 2016 - 08:30 PM.


#13 tanhed123

Posted 03 May 2016 - 08:31 PM

It is still running the same as before, not slower or faster



#14 Jo*

Posted 04 May 2016 - 01:51 AM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

***


How is the computer running now?

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

Posted 06 May 2016 - 07:38 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

