41 different SSDT:Inl (Hook.SSDT)-s in tm.sys


  • This topic is locked
11 replies to this topic

#1 BaconFarmer

BaconFarmer

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 17 July 2016 - 04:51 AM

My suspicion started when I wanted to register on a website and was told that I am a spammer. I quickly checked some websites, entered my IP, and found one that said it was infected with the Necrus (or something like that) spambot. I downloaded removal tools for it from legitimate websites, but nothing was found. I had Windows 7 running on my PC at the time. (Could be the person who last had this IP.)
I ran some tools, but none of them could find anything; only RogueKiller could find some SSDT:Inl (Hook.SSDT)-s (only when not connected to the internet), and the registry key which even now keeps re-appearing. After a long time I decided to run ComboFix. ComboFix most likely was able to find something, because at the bottom of the log, every time I ran it, 2 MD5 hashes were listed (1 was always the same, and the other always different).
Seeing that something always came back, I decided to download Windows 8.1 Prof N from DreamSpark. I made a bootable USB with Rufus, and during the installation I deleted all the partitions I saw, created a new one and went on to format it. To be sure, I downloaded some tools and checked my system after installation, and again only RogueKiller could find something:
Detection: Suspicious.Path Type:Process Module [PID of explorer.exe] explorer.exe, C:\Windows\ucrtbase.dll
I also made a copy of ucrtbase.dll with a modified extension, and when I tried to upload it to
VirusTotal it would hang on the "please wait while the scan starts" part; also, if I unload it with RogueKiller and scan again, it is loaded again.
Detection:PUM.Proxy Type: Registry:Proxy HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad|00-0b-00-00-ad-d0
This comes back only if I am connected to the internet, and the 00.. part is most likely the MAC address of either the router or my brother's laptop; he was in China not long ago.
It also detected 41 different SSDT:Inl (Hook.SSDT)-s in C:\Windows\System32\Drivers\tm.sys.
(It can only detect the hooks while not connected to the internet.)
After this I made some Wireshark captures when nothing was running and found packets from some IPs that looked suspicious, like the one connected to
no-reverse-dns-configured.com, which is on some lists, so I decided to quickly make additional rules in Windows Firewall to block connections from/to those IPs.
I scanned with multiple anti-rootkits but none of them could find anything (aswMBR, Malwarebytes Anti-Malware/Anti-Rootkit, TDSSKiller; Sysinternals RootkitRevealer wasn't able
to install itself, and sadly ComboFix can't be used on Windows 8). It also could be that I wasn't able to fully understand the log files.

FRST (made while not connected to the internet)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2016
Ran by BaconFarmer (administrator) on BACONVILLE (17-07-2016 11:41:35)
Running from C:\Users\BaconFarmer\Downloads
Loaded Profiles: BaconFarmer (Available Profiles: BaconFarmer)
Platform: Microsoft Windows 8.1 Pro N (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sysinternals - www.sysinternals.com) C:\Users\BaconFarmer\Downloads\SysinternalsSuite\procexp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E8BE0F72-800F-4EFB-A606-9707D5E01832}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4185273805-756655735-625963072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

FireFox:
========
FF ProfilePath: C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Extension: WOT - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-07-16]
FF Extension: NoScript - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-07-16]
FF Extension: Ghostery - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default\Extensions\firefox@ghostery.com.xpi [2016-07-16]
FF Extension: Self-Destructing Cookies - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-07-16]
FF Extension: uBlock Origin - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\n8fp8hqr.default\Extensions\uBlock0@raymondhill.net.xpi [2016-07-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IEJ; C:\Users\BaconFarmer\AppData\Local\Temp\IEJ.exe [514944 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 LN; C:\Users\BaconFarmer\AppData\Local\Temp\LN.exe [408448 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 QQLDLIFYTPALX; C:\Users\BaconFarmer\AppData\Local\Temp\QQLDLIFYTPALX.exe [363392 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 YTJBZYWE; C:\Users\BaconFarmer\AppData\Local\Temp\YTJBZYWE.exe [519040 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-07-17] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [214368 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
S4 94137808; system32\drivers\83830534.sys [X]
U3 aswMBR; \??\C:\Users\BACONF~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\BACONF~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 11:41 - 2016-07-17 11:41 - 00005629 _____ C:\Users\BaconFarmer\Downloads\FRST.txt
2016-07-17 11:04 - 2016-07-17 11:04 - 00001777 _____ C:\Users\BaconFarmer\Desktop\aswMBR.txt
2016-07-17 11:04 - 2016-07-17 11:04 - 00000512 _____ C:\Users\BaconFarmer\Desktop\MBR.dat
2016-07-17 10:45 - 2016-07-17 10:45 - 237104825 _____ C:\Windows\MEMORY.DMP
2016-07-17 10:45 - 2016-07-17 10:45 - 00163432 _____ C:\Windows\Minidump\071716-17406-01.dmp
2016-07-17 10:45 - 2016-07-17 10:45 - 00000000 ____D C:\Windows\Minidump
2016-07-17 10:30 - 2016-07-17 11:41 - 00002659 _____ C:\Users\BaconFarmer\Desktop\ble.txt
2016-07-17 01:03 - 2016-07-16 15:12 - 00000000 ____D C:\Windows\Panther
2016-07-16 23:07 - 2016-07-16 23:10 - 00000000 ____D C:\Users\BaconFarmer\Desktop\MadSus
2016-07-16 23:00 - 2016-07-16 23:00 - 10703968 _____ C:\Users\BaconFarmer\Desktop\c3.pcapng
2016-07-16 22:33 - 2016-07-16 22:33 - 00041536 _____ C:\Users\BaconFarmer\Desktop\c2.pcapng
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Macromedia
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Macromedia
2016-07-16 19:50 - 2016-07-17 10:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-16 19:50 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Adobe
2016-07-16 19:37 - 2016-07-16 19:38 - 00195188 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_19.37.47_log.txt
2016-07-16 19:36 - 2016-07-16 19:36 - 00003160 ____N C:\bootsqm.dat
2016-07-16 19:34 - 2016-07-16 19:34 - 00004224 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_19.34.23_log.txt
2016-07-16 19:33 - 2016-07-16 19:33 - 00329600 _____ C:\Users\BaconFarmer\Desktop\c1.pcapng
2016-07-16 19:07 - 2016-07-16 19:07 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Wireshark
2016-07-16 18:57 - 2016-07-16 18:57 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\WinPcap
2016-07-16 18:54 - 2016-07-16 18:54 - 00001774 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-07-16 18:54 - 2016-07-16 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-16 18:53 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\Wireshark
2016-07-16 18:10 - 2016-07-16 18:10 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\CEF
2016-07-16 18:09 - 2016-07-16 18:09 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-16 18:08 - 2016-07-17 10:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-16 18:08 - 2016-07-16 18:08 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-16 18:07 - 2016-07-16 18:07 - 06253800 _____ (AVAST Software) C:\Users\BaconFarmer\Downloads\avast_free_antivirus_setup_online.exe
2016-07-16 17:41 - 2016-07-16 17:42 - 00189958 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_17.41.40_log.txt
2016-07-16 17:37 - 2016-07-16 17:37 - 00189178 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_17.37.09_log.txt
2016-07-16 17:35 - 2016-07-16 17:35 - 00004220 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_17.35.31_log.txt
2016-07-16 17:32 - 2016-07-16 17:32 - 00000000 ____D C:\Windows\pss
2016-07-16 17:30 - 2016-07-16 17:30 - 05198336 _____ (AVAST Software) C:\Users\BaconFarmer\Desktop\aswMBR.exe
2016-07-16 17:27 - 2016-07-17 10:35 - 00000000 ____D C:\Users\BaconFarmer\Downloads\SysinternalsSuite
2016-07-16 17:12 - 2016-07-17 11:41 - 00000000 ____D C:\FRST
2016-07-16 17:04 - 2016-07-16 23:05 - 00000000 ____D C:\Users\BaconFarmer\Desktop\mbar
2016-07-16 17:04 - 2016-07-16 23:05 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-16 17:03 - 2016-07-16 17:03 - 00002726 _____ C:\Users\BaconFarmer\Downloads\FSS.txt
2016-07-16 17:03 - 2016-07-16 17:03 - 00000000 ____D C:\Users\BaconFarmer\Downloads\backups
2016-07-16 17:00 - 2016-07-16 17:00 - 00006519 _____ C:\Users\BaconFarmer\Downloads\Result.txt
2016-07-16 16:58 - 2016-07-16 16:58 - 00068820 _____ C:\Users\BaconFarmer\Downloads\MTB.txt
2016-07-16 16:56 - 2016-07-16 16:57 - 00189814 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_16.56.08_log.txt
2016-07-16 16:53 - 2016-07-16 16:53 - 16563352 _____ (Malwarebytes Corp.) C:\Users\BaconFarmer\Downloads\mbar-1.09.3.1001(1).exe
2016-07-16 16:52 - 2016-07-16 16:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\BaconFarmer\Downloads\mbar-1.09.3.1001.exe
2016-07-16 16:51 - 2016-07-16 16:53 - 00004224 _____ C:\TDSSKiller.3.1.0.9_16.07.2016_16.51.47_log.txt
2016-07-16 16:33 - 2016-07-16 16:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\BaconFarmer\Downloads\tdsskiller.exe
2016-07-16 16:32 - 2016-07-16 16:32 - 05659291 _____ (Swearware) C:\Users\BaconFarmer\Downloads\ComboFix.exe
2016-07-16 16:32 - 2016-07-16 16:32 - 01610560 _____ (Malwarebytes) C:\Users\BaconFarmer\Downloads\JRT.exe
2016-07-16 16:31 - 2016-07-16 16:31 - 01741824 _____ (Farbar) C:\Users\BaconFarmer\Downloads\FRST.exe
2016-07-16 16:31 - 2016-07-16 16:31 - 00899584 _____ (Farbar) C:\Users\BaconFarmer\Downloads\FSS.exe
2016-07-16 16:31 - 2016-07-16 16:31 - 00892416 _____ (Farbar) C:\Users\BaconFarmer\Downloads\MiniToolBox.exe
2016-07-16 16:30 - 2016-07-16 16:30 - 00852798 _____ C:\Users\BaconFarmer\Downloads\SecurityCheck.exe
2016-07-16 16:30 - 2016-07-16 16:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\BaconFarmer\Downloads\HijackThis.exe
2016-07-16 16:29 - 2016-07-16 16:29 - 03664452 _____ C:\Users\BaconFarmer\Downloads\VT Hash.zip
2016-07-16 16:29 - 2016-07-16 16:29 - 00860160 _____ (Farbar) C:\Users\BaconFarmer\Downloads\ListParts.exe
2016-07-16 16:27 - 2016-07-17 09:48 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-16 16:27 - 2016-07-16 16:27 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-16 16:27 - 2016-07-16 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-16 16:27 - 2016-07-16 16:27 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-16 16:22 - 2016-07-16 16:22 - 03719928 _____ (Zemana Ltd. ) C:\Users\BaconFarmer\Downloads\AntiLoggerFree_Setup.exe
2016-07-16 16:21 - 2016-07-16 16:21 - 31211544 _____ (Adlice Software ) C:\Users\BaconFarmer\Downloads\setup.exe
2016-07-16 16:15 - 2016-07-16 16:15 - 43987120 _____ (Wireshark development team) C:\Users\BaconFarmer\Downloads\Wireshark-win32-2.0.4.exe
2016-07-16 16:15 - 2016-07-16 16:15 - 21153704 _____ C:\Users\BaconFarmer\Downloads\SysinternalsSuite.zip
2016-07-16 16:08 - 2016-07-16 16:09 - 227389736 _____ (NVIDIA Corporation) C:\Users\BaconFarmer\Downloads\341.95-desktop-win8-win7-winvista-32bit-international(1).exe
2016-07-16 16:07 - 2016-07-16 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-16 16:06 - 2016-07-16 16:06 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\NVIDIA
2016-07-16 16:04 - 2016-07-16 22:43 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-16 16:04 - 2016-07-16 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-16 22:42 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-16 16:03 - 2016-07-16 16:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-16 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-16 16:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-16 16:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-16 15:37 - 2016-07-16 15:37 - 22851472 _____ (Malwarebytes ) C:\Users\BaconFarmer\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-16 15:35 - 2016-07-16 15:35 - 07991656 _____ (Piriform Ltd) C:\Users\BaconFarmer\Downloads\ccsetup519.exe
2016-07-16 15:34 - 2016-07-16 15:35 - 227389736 _____ (NVIDIA Corporation) C:\Users\BaconFarmer\Downloads\341.95-desktop-win8-win7-winvista-32bit-international.exe
2016-07-16 15:30 - 2016-07-16 15:30 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\ElevatedDiagnostics
2016-07-16 15:18 - 2016-07-17 10:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-16 15:18 - 2014-07-02 19:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-07-16 15:17 - 2016-07-16 15:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-16 15:17 - 2016-07-16 15:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-16 15:17 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-07-16 15:17 - 2014-07-02 21:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-16 15:17 - 2014-07-02 21:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-07-16 15:17 - 2014-07-02 21:42 - 02556360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-16 15:17 - 2014-07-02 21:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-16 15:17 - 2014-07-02 21:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-16 15:17 - 2014-07-02 21:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-16 15:17 - 2014-07-02 07:14 - 03826628 _____ C:\Windows\system32\nvcoproc.bin
2016-07-16 15:14 - 2016-07-16 15:20 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-16 15:12 - 2016-07-17 10:45 - 00000000 ____D C:\Users\BaconFarmer
2016-07-16 15:12 - 2016-07-16 17:02 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\VirtualStore
2016-07-16 15:12 - 2016-07-16 15:38 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Packages
2016-07-16 15:12 - 2016-07-16 15:12 - 00001442 _____ C:\Users\BaconFarmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-16 15:12 - 2016-07-16 15:12 - 00000020 ___SH C:\Users\BaconFarmer\ntuser.ini
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\My Documents
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Videos
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Pictures
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Music
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Adobe
2016-07-16 15:11 - 2016-07-17 10:52 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 15:09 - 2016-07-16 15:09 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 10:52 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2016-07-17 10:45 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-17 01:02 - 2013-08-22 10:17 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-07-16 19:50 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-16 16:53 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-16 16:16 - 2013-08-22 10:06 - 00000000 ____D C:\Windows\CbsTemp
2016-07-16 15:38 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\AppReadiness
2016-07-16 15:21 - 2013-08-22 10:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-16 15:17 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Help
2016-07-16 15:12 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-07-16 15:12 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\WinStore
2016-07-16 15:12 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\FileManager
2016-07-16 15:12 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Camera
2016-07-16 15:06 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\rescache
2016-07-16 15:03 - 2013-08-22 09:22 - 00334088 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\BaconFarmer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\BaconFarmer\AppData\Local\Temp\IEJ.exe
C:\Users\BaconFarmer\AppData\Local\Temp\LN.exe
C:\Users\BaconFarmer\AppData\Local\Temp\QQLDLIFYTPALX.exe
C:\Users\BaconFarmer\AppData\Local\Temp\URB.exe
C:\Users\BaconFarmer\AppData\Local\Temp\YTJBZYWE.exe
C:\Users\BaconFarmer\AppData\Local\Temp\ZVLKIE.exe
(Not from frst) some of these are from sysinternals rootkit revealer

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-16 15:03

==================== End of FRST.txt ============================

 

Thank you for your time and help in advance. BaconFarmer



#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 20 July 2016 - 09:55 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello BaconFarmer,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 BaconFarmer

BaconFarmer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 21 July 2016 - 02:24 AM

Hi mAL, thanks for helping me.

I would like to update you on the current state of my computer. There was an 8383...-sys in the logs; in safe mode I managed to remove the key it had in the registry (backed it up in a .reg file if needed), and also disabled the hidden service with GMER. I also found just-number keys in SafeBoot/Minimal and /Network; I did the same with these, backed them up and deleted them. And the DLL in the Temp folder comes back quickly if deleted manually, and only comes back after some time if deleted with FRST. (The original file of the DLL in Temp is ntdll.dll, and what I found strange is that the last-modified date is exactly the same as ntdll's; also, the just-number things could be from some anti-rootkit which I ran.)

Finally I managed to get a copy of everything that was on my small second partition (which was created at installation) with Kaspersky Rescue Disk; if needed I could provide you with that too. I have now run DelFix and will wait for further instructions from you.

Forgot to mention that now RogueKiller won't detect the registry key (it is still there), and neither the thing with explorer.exe (might be because of the disabled service), but it still only detects the 41 inline hooks, if I am not connected to the internet.

I quickly searched out everything that I had cleared:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-4185273805-756655735-625963072-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
S3 IEJ; C:\Users\BaconFarmer\AppData\Local\Temp\IEJ.exe [514944 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 LN; C:\Users\BaconFarmer\AppData\Local\Temp\LN.exe [408448 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 QQLDLIFYTPALX; C:\Users\BaconFarmer\AppData\Local\Temp\QQLDLIFYTPALX.exe [363392 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 YTJBZYWE; C:\Users\BaconFarmer\AppData\Local\Temp\YTJBZYWE.exe [519040 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]

//These 4 above were from rootkit revealer
S4 94137808; system32\drivers\83830534.sys [X]
U3 aswMBR; \??\C:\Users\BACONF~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\BACONF~1\AppData\Local\Temp\aswVmm.sys [X]
C:\Users\BaconFarmer\AppData\Local\Temp\dllnt_dump.dll (Currently, but will come back)
C:\Users\BaconFarmer\AppData\Local\Temp\IEJ.exe
C:\Users\BaconFarmer\AppData\Local\Temp\LN.exe
C:\Users\BaconFarmer\AppData\Local\Temp\QQLDLIFYTPALX.exe
C:\Users\BaconFarmer\AppData\Local\Temp\URB.exe
C:\Users\BaconFarmer\AppData\Local\Temp\YTJBZYWE.exe
C:\Users\BaconFarmer\AppData\Local\Temp\ZVLKIE.exe
Task: {09947119-27BF-4E1F-9846-9D4A8AB0F251} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-16] (AVAST Software)
2016-07-16 15:17 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33251981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80174933.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94137808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33251981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80174933.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94137808.sys => ""="Driver"
2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
I changed ConsentPromptBehaviorUser to 1 according to this: https://msdn.microsoft.com/en-us/library/cc232762.aspx

I hope this additional information helps you.

 

BaconFarmer


Edited by BaconFarmer, 21 July 2016 - 02:49 AM.
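The service, driver and SafeBoot lines quoted in the first and third posts above are the kind a responder triages by hand: is the binary running from a user's Temp folder, is it unsigned, does FRST mark the referenced file as missing (`[X]`), is the name purely numeric, and is such a driver also whitelisted to load under SafeBoot\Minimal or \Network. The following Python script is an added example (not FRST's code and not from this thread) that applies that reading to constructed sample lines copied in FRST's format, merging hits for the same name so that a driver which is both missing on disk and permitted in Safe Mode shows up as one finding. The flags are review items, not verdicts: the `aswMBR`/`aswVmm` leftovers in this thread come from the aswMBR tool the poster ran, and the poster himself notes the numeric-named drivers may stem from an anti-rootkit tool.

```python
"""FRST log triage helper (added example; not FRST's code and not from this thread).

Reads Services/Drivers lines and SafeBoot registry lines in the format FRST
prints them and flags the properties a responder looks at first.  Every
flag is a review item, not a verdict.
"""
import re

# Constructed sample, copied in FRST's line format (names taken from the logs above).
SAMPLE_LINES = r"""
S3 IEJ; C:\Users\BaconFarmer\AppData\Local\Temp\IEJ.exe [514944 2016-07-17] (Sysinternals - www.sysinternals.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S4 94137808; system32\drivers\83830534.sys [X]
U3 aswMBR; \??\C:\Users\BACONF~1\AppData\Local\Temp\aswMBR.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94137808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33251981.sys => ""="Driver"
"""

# "S3 IEJ; <path and markers>" -> state letter, start-type digit, name, remainder
SERVICE_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.*)$")
# "HKLM\...\SafeBoot\Minimal\94137808.sys => ..." -> boot mode, entry name
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\([^\\ ]+) => "
)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
NUMERIC_RE = re.compile(r"^\d+$")


def triage_line(line):
    """Return (name, [reasons]) for a line worth a second look, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        _state, _start, name, rest = m.groups()
        reasons = []
        if TEMP_RE.search(rest):
            reasons.append("binary runs from a user Temp folder")
        if "[File not signed]" in rest:
            reasons.append("file is not signed")
        if rest.endswith("[X]"):  # FRST: the referenced file is missing on disk
            reasons.append("registry entry points at a missing file")
        if NUMERIC_RE.match(name):
            reasons.append("purely numeric service/driver name")
        return (name, reasons) if reasons else None
    m = SAFEBOOT_RE.match(line)
    if m:
        mode, entry = m.groups()
        stem = entry.rsplit(".", 1)[0]  # "94137808.sys" -> "94137808", same key as the service name
        if NUMERIC_RE.match(stem):
            return (stem, ["numeric-named driver allowed to load in SafeBoot\\" + mode])
    return None


def triage(text):
    """Map service/driver name -> merged list of reasons across all lines."""
    findings = {}
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            name, reasons = hit
            findings.setdefault(name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}:")
        for r in reasons:
            print(f"    - {r}")
```

Run against a real FRST.txt by reading the file and passing its text to `triage()`; the Defender, NPF and other entries that carry none of the markers are silently skipped, and a numeric driver that appears both in the Drivers section and under SafeBoot is reported once with all of its reasons together.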


#4 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 21 July 2016 - 02:00 PM

Hello BaconFarmer,


Before we proceed any further, there are a few things we should address..
 

Some files in TEMP:
====================

...

(Not from frst) some of these are from sysinternals rootkit revealer

Please refrain from editing your logs.  I need to see the logs as they were created, no added comments and/or entries.




I now ran delfix and will wait for further instructions from you.

DelFix is used to remove the tools and logs commonly used during the malware removal process.  You ran a lot of tools prior to asking for help in the forum and now I can't see the reports that were created.  Do not run any more tools unless I ask you to; furthermore, do not delete anything without checking with me first.



To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

 

Please re-read the rules outlined in my initial post.  Only after doing this can you proceed with the steps below..


Now let's get to work.. :)


Backup your registry using TCRB


  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


I would like to run another FRST scan..



  • Download FRST to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have any trouble performing the
  • FRST.txt
  • Addition.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
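As an added example that is not part of this thread or of FRST, here is a Python triage helper for the FRST.txt the steps above produce: it parses the Drivers and "One Month Created files and folders" sections and flags .sys entries that FRST lists with no vendor string, or with an eight-character random-looking name, so a reviewer can see which driver entries to check first. The regexes, the random-name heuristic and the sample log lines are assumptions modelled on the log layout posted in this thread.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs. Added example, not
code from this thread or from FRST. Parses the Drivers and "One Month Created
files and folders" sections of FRST.txt and flags .sys entries listed without a
vendor string or with an auto-generated-looking name. Hints for a reviewer, not
verdicts: legitimate scanner drivers use random names too, and the vendor
string in FRST output is not a signature check.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Section header, e.g. "==================== Drivers (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
# Driver entry: "<start> <service>; <path> [<size> <date>] (<vendor>)"
DRIVER_RE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<vendor>[^)]*)\))?")
# File entry: "<created> - <modified> - <size> <attrs> [(<vendor>) ]<path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>\S{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>\S.*)$")
# Eight lowercase letters/digits mixed ("xaydna8h") is the shape of an
# auto-generated name; vendor-chosen names ("nvlddmkm") rarely mix digits in.
RANDOM_STEM_RE = re.compile(r"^[a-z0-9]{8}$")

@dataclass
class Entry:
    section: str
    path: str
    vendor: Optional[str]  # None: no parentheses at all; "": an empty "()"
    is_dir: bool = False

@dataclass
class Finding:
    section: str
    path: str
    reasons: List[str]

def parse_frst(text: str) -> List[Entry]:
    """Walk the log once, tracking the current section, and collect entries."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
        elif section.startswith("Drivers"):
            m = DRIVER_RE.match(line)
            if m:
                entries.append(Entry(section, m.group("path"), m.group("vendor")))
        elif section.startswith("One Month Created"):
            m = FILE_RE.match(line)
            if m:
                entries.append(Entry(section, m.group("path"), m.group("vendor"),
                                     is_dir="D" in m.group("attrs")))
    return entries

def looks_random(stem: str) -> bool:
    """True for 8-char lowercase alphanumeric stems that mix letters and digits."""
    return (RANDOM_STEM_RE.match(stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))

def triage(text: str) -> List[Finding]:
    """One Finding per .sys entry with at least one reason to look closer."""
    findings: List[Finding] = []
    for e in parse_frst(text):
        if e.is_dir or not e.path.lower().endswith(".sys"):
            continue
        stem = ntpath.splitext(ntpath.basename(e.path))[0]
        reasons = []
        if not e.vendor:
            reasons.append("no vendor string")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(e.section, e.path, reasons))
    return findings

# Constructed sample in FRST's layout (entries modelled on this thread's log).
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ==========================
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-07-20] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)

==================== One Month Created files and folders ========
2016-07-18 12:38 - 2016-07-18 12:21 - 00035904 _____ C:\Windows\system32\Drivers\xaydna8h.sys
2016-07-18 12:23 - 2016-07-18 12:23 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\jl440fgi.sys
2016-07-19 18:02 - 2013-09-21 11:49 - 00493400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-07-21 21:52 - 2016-07-21 21:52 - 00000000 ____D C:\FRST
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}: {', '.join(f.reasons)}")
```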


#5 BaconFarmer

  • Topic Starter

  • Members
  • 7 posts

Posted 21 July 2016 - 03:04 PM

Hello mAL
 
Sorry about doing all those things already, I just can't sit still without doing something, and the registry backup went fine.

(I set up the firewall blocks so that if something is on the system it couldn't communicate easily.)

Here are the new logs from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2016
Ran by BaconFarmer (administrator) on BACONVILLE (21-07-2016 21:52:31)
Running from C:\Users\BaconFarmer\Downloads
Loaded Profiles: BaconFarmer (Available Profiles: BaconFarmer)
Platform: Microsoft Windows 8.1 Pro N (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E8BE0F72-800F-4EFB-A606-9707D5E01832}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-16] ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Extension: NoScript - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-07-20]
FF Extension: WOT - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-07-20]
FF Extension: Ghostery - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\firefox@ghostery.com.xpi [2016-07-20]
FF Extension: Self-Destructing Cookies - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-07-20]
FF Extension: uBlock Origin - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\uBlock0@raymondhill.net.xpi [2016-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-07-20] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [214368 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 22:05 - 2016-07-21 22:05 - 00000000 _____ C:\Recovery.txt
2016-07-21 21:52 - 2016-07-21 21:52 - 00004473 _____ C:\Users\BaconFarmer\Downloads\FRST.txt
2016-07-21 21:52 - 2016-07-21 21:52 - 00000000 ____D C:\FRST
2016-07-21 21:51 - 2016-07-21 21:51 - 01743872 _____ (Farbar) C:\Users\BaconFarmer\Downloads\FRST.exe
2016-07-21 21:51 - 2016-07-21 21:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BACONVILLE-Windows-8.1-Pro-N-(32-bit).dat
2016-07-21 21:50 - 2016-07-21 21:50 - 05575304 _____ (Tweaking.com) C:\Users\BaconFarmer\Downloads\tweaking.com_registry_backup_setup.exe
2016-07-21 21:50 - 2016-07-21 21:50 - 00017583 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-07-21 21:50 - 2016-07-21 21:50 - 00002197 _____ C:\Users\BaconFarmer\Desktop\Tweaking.com - Registry Backup.lnk
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\RegBackup
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\Program Files\Tweaking.com
2016-07-21 11:59 - 2016-07-21 11:59 - 00000000 __SHD C:\found.004
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.003
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.002
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.001
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.000
2016-07-21 09:05 - 2016-07-21 09:05 - 00781312 _____ C:\Users\BaconFarmer\Downloads\delfix_1.010.exe
2016-07-20 20:26 - 2016-07-20 21:24 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-07-20 13:48 - 2016-07-21 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-20 13:48 - 2016-07-20 13:49 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-20 11:25 - 2016-07-21 13:07 - 00271496 _____ C:\Windows\ntbtlog.txt
2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\9413.reg
2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\80174933.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\33251981.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\2311.reg
2016-07-20 11:15 - 2016-07-20 11:15 - 00001771 _____ C:\config.ini
2016-07-19 21:53 - 2016-07-19 21:53 - 00161968 _____ C:\Windows\Minidump\071916-15000-01.dmp
2016-07-19 18:42 - 2016-07-19 18:43 - 00165408 _____ C:\Windows\Minidump\071916-17718-01.dmp
2016-07-19 18:05 - 2016-07-19 18:06 - 00000000 ____D C:\Windows\system32\MRT
2016-07-19 18:05 - 2016-07-19 18:05 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-19 18:02 - 2013-09-26 10:31 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2016-07-19 18:02 - 2013-09-26 10:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-19 18:02 - 2013-09-26 09:25 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2016-07-19 18:02 - 2013-09-26 09:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2016-07-19 18:02 - 2013-09-25 08:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-07-19 18:02 - 2013-09-25 07:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2016-07-19 18:02 - 2013-09-24 07:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2016-07-19 18:02 - 2013-09-24 07:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-07-19 18:02 - 2013-09-24 06:26 - 00944128 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-07-19 18:02 - 2013-09-24 05:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2016-07-19 18:02 - 2013-09-21 11:49 - 00493400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-07-19 18:02 - 2013-09-21 11:49 - 00197976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-07-19 18:02 - 2013-09-21 11:48 - 00130392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-07-19 18:02 - 2013-09-21 11:37 - 00489696 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-07-19 18:02 - 2013-09-21 11:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-07-19 18:02 - 2013-09-21 11:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-07-19 18:02 - 2013-09-21 11:18 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-19 18:02 - 2013-09-21 11:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-19 18:02 - 2013-09-21 11:09 - 00134784 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-19 18:02 - 2013-09-21 09:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-19 18:02 - 2013-09-21 09:02 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-19 18:02 - 2013-09-21 09:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-07-19 18:02 - 2013-09-21 08:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2016-07-19 18:02 - 2013-09-21 08:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2016-07-19 18:02 - 2013-09-21 07:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-07-19 18:02 - 2013-09-21 07:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-19 18:02 - 2013-09-21 07:29 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2016-07-19 18:02 - 2013-09-21 07:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-07-19 18:02 - 2013-09-21 07:19 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-07-19 18:02 - 2013-09-21 07:18 - 01198592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-07-19 18:02 - 2013-09-21 07:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-07-19 18:02 - 2013-09-21 07:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-07-19 18:02 - 2013-09-21 06:56 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-07-19 18:02 - 2013-09-21 06:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-07-19 18:02 - 2013-09-21 06:49 - 04975104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-07-19 18:02 - 2013-09-21 06:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-07-19 18:02 - 2013-09-21 06:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2016-07-19 18:02 - 2013-09-21 06:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-07-19 18:02 - 2013-09-19 08:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2016-07-19 18:02 - 2013-09-19 07:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2016-07-19 18:02 - 2013-09-19 07:38 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2016-07-19 18:02 - 2013-09-19 07:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2016-07-19 18:02 - 2013-09-19 06:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-07-19 18:02 - 2013-09-19 06:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2016-07-19 18:02 - 2013-09-19 06:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2016-07-19 18:02 - 2013-09-19 06:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-19 18:02 - 2013-09-19 06:10 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-07-19 18:02 - 2013-09-19 05:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2016-07-19 18:02 - 2013-09-19 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-07-19 18:02 - 2013-09-17 09:00 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-07-19 18:02 - 2013-09-17 07:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-19 18:02 - 2013-09-17 06:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-07-19 18:02 - 2013-09-17 06:00 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-07-19 18:02 - 2013-09-17 05:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2016-07-19 18:02 - 2013-09-14 14:42 - 00142168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2016-07-19 18:02 - 2013-09-14 12:43 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-19 18:02 - 2013-09-13 10:54 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2016-07-19 18:02 - 2013-09-13 10:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2016-07-19 18:02 - 2013-09-13 09:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-07-19 18:02 - 2013-09-12 09:17 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2016-07-19 18:02 - 2013-09-11 10:32 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-07-19 18:02 - 2013-09-11 10:32 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-19 18:02 - 2013-09-11 09:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-07-19 18:02 - 2013-09-07 14:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2016-07-19 18:02 - 2013-09-07 13:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2016-07-19 18:02 - 2013-09-07 13:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2016-07-19 18:02 - 2013-09-07 13:14 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2016-07-19 18:02 - 2013-09-07 13:06 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-07-19 18:02 - 2013-09-07 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2016-07-19 18:02 - 2013-09-07 12:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2016-07-19 18:02 - 2013-09-05 08:23 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2016-07-19 18:02 - 2013-09-05 07:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2016-07-19 18:02 - 2013-09-04 07:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2016-07-19 18:02 - 2013-09-04 07:22 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-07-19 18:02 - 2013-09-04 07:05 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-07-19 18:02 - 2013-09-04 06:47 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2016-07-19 18:02 - 2013-09-04 06:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2016-07-19 18:02 - 2013-09-04 06:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-07-19 18:02 - 2013-08-31 12:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2016-07-19 18:02 - 2013-08-31 11:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2016-07-19 18:02 - 2013-08-30 08:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2016-07-19 18:02 - 2013-08-28 08:55 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-07-19 18:02 - 2013-08-28 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2016-07-19 18:02 - 2013-08-27 07:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-07-19 18:01 - 2014-04-19 08:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-19 18:01 - 2014-03-10 10:43 - 01673048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-19 18:01 - 2014-03-10 10:43 - 00283992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-07-19 18:01 - 2013-11-11 02:50 - 00036696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2016-07-19 18:01 - 2013-11-08 10:40 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2016-07-19 18:01 - 2013-11-08 06:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2016-07-19 18:01 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-07-19 18:01 - 2013-11-08 05:30 - 01128448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-07-19 18:01 - 2013-11-08 05:05 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-07-19 18:01 - 2013-11-05 16:08 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-07-19 18:01 - 2013-11-05 15:19 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-07-19 18:01 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2016-07-19 18:01 - 2013-11-04 02:45 - 02038784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-07-19 18:01 - 2013-11-01 12:17 - 00077144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-07-19 18:01 - 2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2016-07-19 18:01 - 2013-10-31 01:50 - 05753688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-19 18:01 - 2013-10-31 01:39 - 01261320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-19 18:01 - 2013-10-31 01:39 - 01159080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-07-19 18:01 - 2013-10-26 22:28 - 00120152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2016-07-19 18:01 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2016-07-19 18:01 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-07-19 18:01 - 2013-10-16 15:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-07-19 18:00 - 2014-01-08 02:55 - 00261464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-07-19 18:00 - 2014-01-08 02:35 - 01307992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-19 18:00 - 2014-01-08 02:35 - 00320856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-19 18:00 - 2014-01-04 17:08 - 00103936 _____ C:\Windows\system32\OEMLicense.dll
2016-07-19 18:00 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2016-07-19 18:00 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-07-19 18:00 - 2014-01-01 02:56 - 01445720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-19 18:00 - 2014-01-01 02:00 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-07-19 18:00 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2016-07-19 18:00 - 2013-12-31 01:33 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-07-19 18:00 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2016-07-19 18:00 - 2013-12-27 14:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2016-07-19 18:00 - 2013-12-27 14:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-07-19 18:00 - 2013-12-27 10:21 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2016-07-19 18:00 - 2013-12-27 09:27 - 11688448 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-19 18:00 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-07-19 18:00 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-07-19 18:00 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-07-19 18:00 - 2013-12-21 09:04 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2016-07-19 18:00 - 2013-12-17 08:13 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-07-19 18:00 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-07-19 18:00 - 2013-12-13 11:14 - 00077992 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-07-19 18:00 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-07-19 18:00 - 2013-12-09 01:25 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2016-07-19 18:00 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-07-19 18:00 - 2013-10-23 11:44 - 00104280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-07-19 18:00 - 2013-10-23 11:24 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2016-07-19 18:00 - 2013-10-23 11:21 - 00044904 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-07-19 18:00 - 2013-10-22 08:13 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2016-07-19 18:00 - 2013-10-22 08:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-19 18:00 - 2013-10-22 06:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-07-19 18:00 - 2013-10-22 05:02 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2016-07-19 18:00 - 2013-10-22 04:52 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-07-19 18:00 - 2013-10-22 03:59 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-07-19 18:00 - 2013-10-22 03:51 - 01634304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-19 18:00 - 2013-10-22 03:40 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-07-19 18:00 - 2013-10-19 08:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-19 18:00 - 2013-10-19 06:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-19 18:00 - 2013-10-19 06:44 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-19 18:00 - 2013-10-19 06:43 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-19 18:00 - 2013-10-19 06:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-19 18:00 - 2013-10-19 06:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-07-19 18:00 - 2013-10-19 05:56 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-19 18:00 - 2013-10-19 05:55 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-19 18:00 - 2013-10-19 05:09 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-19 18:00 - 2013-10-19 05:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-19 18:00 - 2013-10-16 11:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-07-19 18:00 - 2013-10-13 02:49 - 00207192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2016-07-19 18:00 - 2013-10-13 02:29 - 00706536 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-07-19 18:00 - 2013-10-11 15:03 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2016-07-19 18:00 - 2013-10-10 16:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-07-19 18:00 - 2013-10-10 16:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-19 18:00 - 2013-10-10 13:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-07-19 18:00 - 2013-10-10 13:12 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-07-19 18:00 - 2013-10-08 10:49 - 00415576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-07-19 18:00 - 2013-10-08 07:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-07-19 18:00 - 2013-10-08 07:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-07-19 18:00 - 2013-10-08 07:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-07-19 18:00 - 2013-10-08 06:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-07-19 18:00 - 2013-10-08 06:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-07-19 18:00 - 2013-10-07 08:07 - 00049544 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-19 18:00 - 2013-10-07 04:03 - 02833408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-19 18:00 - 2013-10-05 14:30 - 00321368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-07-19 18:00 - 2013-10-05 14:30 - 00047960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-07-19 18:00 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-07-19 18:00 - 2013-10-05 14:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-19 18:00 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-07-19 18:00 - 2013-10-05 11:59 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-19 18:00 - 2013-10-05 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-07-19 18:00 - 2013-10-05 10:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-07-19 18:00 - 2013-10-05 10:29 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-19 18:00 - 2013-10-05 10:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2016-07-19 18:00 - 2013-10-05 10:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-07-19 18:00 - 2013-10-05 10:00 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2016-07-19 18:00 - 2013-10-05 09:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-07-19 18:00 - 2013-10-04 10:00 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-07-19 18:00 - 2013-09-17 08:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-07-19 18:00 - 2013-09-17 07:28 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-19 18:00 - 2013-09-17 05:47 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-07-19 18:00 - 2013-09-14 14:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2016-07-19 18:00 - 2013-09-14 14:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2016-07-19 18:00 - 2013-09-14 11:29 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-07-19 18:00 - 2013-09-14 10:54 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-07-19 18:00 - 2013-09-13 09:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2016-07-19 18:00 - 2013-09-12 10:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2016-07-19 18:00 - 2013-09-12 09:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-07-19 18:00 - 2013-09-12 09:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-07-19 18:00 - 2013-09-12 09:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-07-19 18:00 - 2013-09-12 09:17 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2016-07-19 18:00 - 2013-09-12 09:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-07-19 18:00 - 2013-09-10 06:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2016-07-19 17:59 - 2014-02-11 05:32 - 03486208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-19 17:59 - 2013-11-27 16:09 - 02872688 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-07-19 17:59 - 2013-11-27 12:46 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2016-07-19 17:59 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-19 17:59 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-07-19 17:59 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2016-07-19 17:59 - 2013-10-10 13:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-07-19 17:59 - 2013-10-10 12:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-07-19 17:58 - 2013-09-26 08:44 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-07-19 17:58 - 2013-09-26 08:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2016-07-19 17:57 - 2013-12-20 10:26 - 01382208 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-19 17:57 - 2013-12-20 10:26 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-07-19 15:18 - 2016-07-19 15:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2016-07-19 15:18 - 2016-07-19 15:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR410.dat
2016-07-19 12:13 - 2016-07-19 16:38 - 00000303 _____ C:\Users\BaconFarmer\Desktop\blockit.bat
2016-07-19 12:04 - 2016-07-19 12:10 - 00002349 _____ C:\Users\BaconFarmer\Desktop\blockit.txt
2016-07-19 10:34 - 2016-07-19 10:34 - 00162048 _____ C:\Windows\Minidump\071916-13390-01.dmp
2016-07-18 17:15 - 2016-07-18 17:15 - 00161632 _____ C:\Windows\Minidump\071816-12062-01.dmp
2016-07-18 12:38 - 2016-07-18 12:21 - 00035904 _____ C:\Windows\system32\Drivers\xaydna8h.sys
2016-07-18 12:24 - 2016-07-18 12:24 - 00161256 _____ C:\Windows\Minidump\071816-24421-01.dmp
2016-07-18 12:23 - 2016-07-18 12:23 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\jl440fgi.sys
2016-07-18 12:22 - 2016-07-18 12:22 - 00164112 _____ C:\Windows\Minidump\071816-22421-01.dmp
2016-07-18 12:20 - 2016-07-18 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-18 12:20 - 2016-07-18 12:20 - 00000000 ____D C:\Program Files\AGEIA Technologies
2016-07-18 12:19 - 2016-01-29 10:45 - 00614848 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-07-18 12:18 - 2016-01-29 14:04 - 24207296 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 15302712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 14497760 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 11272240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 11209192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 10718264 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-18 12:18 - 2016-01-29 14:04 - 03994560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 01060400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234195.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00917048 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00912248 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234195.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00878648 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2016-07-18 12:17 - 2016-07-18 12:17 - 00000000 ____D C:\NVIDIA
2016-07-18 10:59 - 2016-07-18 10:59 - 00015916 _____ C:\Users\BaconFarmer\Desktop\8383_.s_ys.reg
2016-07-18 10:56 - 2016-07-18 10:56 - 00149080 _____ C:\Windows\Minidump\071816-12953-01.dmp
2016-07-18 10:40 - 2016-07-18 10:40 - 00149080 _____ C:\Windows\Minidump\071816-12390-01.dmp
2016-07-18 10:30 - 2016-07-18 10:30 - 00149080 _____ C:\Windows\Minidump\071816-13156-01.dmp
2016-07-18 10:28 - 2016-07-20 11:54 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\CrashDumps
2016-07-18 10:22 - 2016-07-18 10:23 - 00165496 _____ C:\Windows\Minidump\071816-13500-01.dmp
2016-07-18 10:17 - 2016-07-18 11:06 - 00000000 ____D C:\vba32arkit
2016-07-18 10:16 - 2016-07-20 23:16 - 00000000 ____D C:\gmer
2016-07-17 10:45 - 2016-07-19 21:53 - 222613177 _____ C:\Windows\MEMORY.DMP
2016-07-17 10:45 - 2016-07-19 21:53 - 00000000 ____D C:\Windows\Minidump
2016-07-17 10:45 - 2016-07-17 10:45 - 00163432 _____ C:\Windows\Minidump\071716-17406-01.dmp
2016-07-17 01:03 - 2016-07-16 15:12 - 00000000 ____D C:\Windows\Panther
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Macromedia
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Macromedia
2016-07-16 19:50 - 2016-07-21 20:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-16 19:50 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Adobe
2016-07-16 19:07 - 2016-07-16 19:07 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Wireshark
2016-07-16 18:57 - 2016-07-16 18:57 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\WinPcap
2016-07-16 18:54 - 2016-07-16 18:54 - 00001774 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-07-16 18:54 - 2016-07-16 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-16 18:53 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\Wireshark
2016-07-16 18:10 - 2016-07-16 18:10 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\CEF
2016-07-16 18:09 - 2016-07-20 11:15 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-16 18:08 - 2016-07-16 18:08 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-16 17:32 - 2016-07-16 17:32 - 00000000 ____D C:\Windows\pss
2016-07-16 17:27 - 2016-07-19 09:57 - 00000000 ____D C:\Users\BaconFarmer\Downloads\SysinternalsSuite
2016-07-16 17:04 - 2016-07-20 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-16 16:27 - 2016-07-20 21:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-16 16:27 - 2016-07-16 16:27 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-16 16:15 - 2014-01-31 16:04 - 00265560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-07-16 16:15 - 2014-01-31 11:02 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2016-07-16 16:15 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-07-16 16:15 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2016-07-16 16:15 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2016-07-16 16:15 - 2014-01-29 09:43 - 01883480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-07-16 16:15 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2016-07-16 16:15 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-07-16 16:15 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-07-16 16:15 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2016-07-16 16:15 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-07-16 16:15 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-07-16 16:15 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-07-16 16:15 - 2014-01-27 13:52 - 00386722 _____ C:\Windows\system32\ApnDatabase.xml
2016-07-16 16:15 - 2013-12-21 14:06 - 05251224 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-07-16 16:15 - 2013-12-21 10:08 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2016-07-16 16:14 - 2013-12-11 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2016-07-16 16:14 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-07-16 16:14 - 2013-11-27 13:03 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2016-07-16 16:14 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2016-07-16 16:14 - 2013-11-27 11:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-07-16 16:14 - 2013-11-27 11:01 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-07-16 16:14 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2016-07-16 16:14 - 2013-11-27 10:47 - 01284096 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-07-16 16:14 - 2013-11-27 10:23 - 03423744 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-07-16 16:14 - 2013-11-25 02:47 - 00116568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-16 16:14 - 2013-11-25 02:32 - 00871256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-16 16:14 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-07-16 16:14 - 2013-11-23 10:28 - 00030552 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2016-07-16 16:14 - 2013-11-23 08:14 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2016-07-16 16:14 - 2013-11-23 08:14 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2016-07-16 16:14 - 2013-11-23 08:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-16 16:14 - 2013-11-23 06:23 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-07-16 16:14 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-16 16:14 - 2013-11-21 08:10 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2016-07-16 16:14 - 2013-11-21 07:44 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-16 16:14 - 2013-11-15 15:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-07-16 16:14 - 2013-11-15 15:20 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-07-16 16:14 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-16 16:14 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-07-16 16:14 - 2013-10-05 14:05 - 01090808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-16 16:13 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-16 16:13 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-16 16:13 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-07-16 16:13 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-07-16 16:12 - 2014-03-06 09:32 - 01033368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-16 16:12 - 2014-03-06 09:10 - 00861984 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-16 16:12 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-16 16:12 - 2013-10-13 02:45 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2016-07-16 16:12 - 2013-10-12 23:14 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-07-16 16:12 - 2013-10-12 23:02 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-07-16 16:12 - 2013-10-03 11:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2016-07-16 16:12 - 2013-10-02 11:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-07-16 16:06 - 2016-07-16 16:06 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\NVIDIA
2016-07-16 16:04 - 2016-07-20 22:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-16 16:04 - 2016-07-16 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-20 13:02 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-16 16:03 - 2016-07-16 16:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-16 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-16 16:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-16 16:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-16 15:30 - 2016-07-16 15:30 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\ElevatedDiagnostics
2016-07-16 15:18 - 2016-07-21 13:05 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-16 15:17 - 2016-07-18 12:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-16 15:17 - 2016-07-16 15:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-16 15:17 - 2016-01-29 14:04 - 00067520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 04397624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 03068864 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 00678968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-16 15:17 - 2016-01-29 12:14 - 00381888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 00070200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-16 15:17 - 2016-01-28 18:18 - 06150607 _____ C:\Windows\system32\nvcoproc.bin
2016-07-16 15:14 - 2016-07-16 15:20 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-16 15:12 - 2016-07-21 13:06 - 00000000 ____D C:\Users\BaconFarmer
2016-07-16 15:12 - 2016-07-16 17:02 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\VirtualStore
2016-07-16 15:12 - 2016-07-16 15:38 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Packages
2016-07-16 15:12 - 2016-07-16 15:12 - 00001442 _____ C:\Users\BaconFarmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-16 15:12 - 2016-07-16 15:12 - 00000020 ___SH C:\Users\BaconFarmer\ntuser.ini
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\My Documents
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Videos
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Pictures
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Music
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Adobe
2016-07-16 15:11 - 2016-07-21 13:09 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 15:09 - 2016-07-16 15:09 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 23:02 - 2013-08-22 10:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-21 23:01 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\registration
2016-07-21 13:09 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2016-07-21 13:05 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 16:51 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\rescache
2016-07-20 16:06 - 2013-08-22 01:40 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-07-19 18:20 - 2013-08-22 09:22 - 00334088 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ToastData
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\WinStore
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\migwiz
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\MediaViewer
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\FileManager
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Camera
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-19 18:19 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\system32\oobe
2016-07-19 18:19 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\system32\Dism
2016-07-19 18:15 - 2013-08-22 10:06 - 00000000 ____D C:\Windows\CbsTemp
2016-07-18 09:53 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\AppReadiness
2016-07-17 01:02 - 2013-08-22 10:17 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-07-16 19:50 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-16 16:53 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-16 15:17 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Help

Some files in TEMP:
====================
C:\Users\BaconFarmer\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-16 15:03

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2016
Ran by BaconFarmer (2016-07-21 21:52:48)
Running from C:\Users\BaconFarmer\Downloads
Microsoft Windows 8.1 Pro N (X86) (2016-07-16 13:12:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4185273805-756655735-625963072-500 - Administrator - Disabled)
BaconFarmer (S-1-5-21-4185273805-756655735-625963072-1001 - Administrator - Enabled) => C:\Users\BaconFarmer
Guest (S-1-5-21-4185273805-756655735-625963072-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 hu) (HKLM\...\Mozilla Firefox 47.0.1 (x86 hu)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.4 (32-bit) (HKLM\...\Wireshark) (Version: 2.0.4 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F59BBA59-8D34-4B69-8707-A34EA4897578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4185273805-756655735-625963072-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [RemoteSvcAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteSvcAdmin-In-TCP] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-VDS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-VDS-In-TCP] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-Out-TCP] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-RAServer-Out-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-Out-TCP-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [FPS-LLMNR-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Block) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Block) %systemroot%\system32\wininit.exe
FirewallRules: [NETDIS-UPnPHost-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNTS-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNT-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-UPnPHost-Out-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-UPnP-Out-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDPHOST-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNTS-Out-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNT-Out-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-UPnP-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-UPnPHost-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDPHOST-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNTS-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-WSDEVNT-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [EventForwarder-In-TCP] => (Block) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [EventForwarder-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-UserMode-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [NetPres-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [NetPres-WSD-Out-UDP] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [NetPres-Out-TCP] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [{93865E8F-6ED9-4132-8D71-CB7A7AA1611E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C55FDBFE-1F89-4DB3-9A8E-72592D447D71}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2F9F8A73-9603-4893-9EA3-D9D2AEEAF7BB}] => (Block) LPort=49152
FirewallRules: [{C01045ED-BD41-4CF4-A8F3-DF88F1ED787F}] => (Block) LPort=49152
FirewallRules: [{AA2B03B8-9865-4075-B97F-5F95DB08DBCE}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{9AF2C2D7-DE6D-4217-827F-294C123F5B32}] => (Block) %SystemRoot%\System32\wininit.exe
FirewallRules: [{534F307D-406F-4531-8607-37B18BC1E028}] => (Block) %SystemRoot%\System32\wininit.exe
FirewallRules: [{0C495116-C6E2-4D4D-A81C-B74A1F860356}] => (Block) %SystemRoot%\explorer.exe
FirewallRules: [{C93089B4-1D80-4250-84E1-EF62B0D84AD0}] => (Block) %SystemRoot%\explorer.exe

==================== Restore Points =========================

21-07-2016 09:05:44 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2016 09:52:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2016 01:06:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x368
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/21/2016 09:05:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/21/2016 09:05:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4e2009d9-1883-4b80-9dee-6293b7f81373}

Error: (07/21/2016 08:52:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0xedc
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/21/2016 12:34:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x920
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/20/2016 10:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x358
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/20/2016 09:42:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x368
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/20/2016 09:18:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x250
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/20/2016 09:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x944
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5


System errors:
=============
Error: (07/21/2016 09:43:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2016 09:10:03 PM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/21/2016 07:06:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2016 05:04:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2016 01:07:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2016 01:05:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2016 11:56:33 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume23

Error: (07/21/2016 09:58:58 AM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/21/2016 09:58:42 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (07/21/2016 09:58:38 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6700 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 3069.61 MB
Available physical RAM: 1867.43 MB
Total Virtual: 6141.61 MB
Available Virtual: 4702.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.49 GB) (Free:213.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 79F97D8A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by BaconFarmer, 21 July 2016 - 03:13 PM.


#6 mAL_rEm018 (Malware Response Team)

Posted 21 July 2016 - 10:46 PM

Hello BaconFarmer,

> Sorry about doing all those things already, I just can't sit still without doing something

No need to apologize.  I just wanted to make sure we were all on the same page.  :)

We need to replace your hosts file..

> (I set up the firewall blocks so that if something is on the system it couldn't communicate easily.)

Yes I noticed you blocked almost everything and this is something I would advise against.  May I suggest we reset the Windows Firewall instead?  If this is something you might be interested in, then I can provide you with the instructions for doing so.

> AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
> AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Windows Defender is disabled.  We need to re-enable it..



  • Point your mouse at the top or bottom right corner of your screen.
  • A sidebar will appear.  Select Settings and then click on Control Panel.
  • A window will open, click on System and Security.
  • Select Action Center from the right pane.
  • Under Security there should be two sections:
    • Spyware and unwanted software protection (Important)
    • Virus protection (Important)
  • Click Turn on now next to either one of these two options.

Next..

Adwcleaner


  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point

I need you to run a search with FRST..


  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... SearchReg.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps outlined above?
  • Answer to my question concerning the firewall.
  • Adwcleaner report
  • SearchReg.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
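
One way to do the hosts-file check this post asks for, as an added example that is not part of the thread or of any tool used in it: a Windows PowerShell script (assumed to run elevated on the Windows 8.1 machine, against the stock hosts path under %SystemRoot%\System32\drivers\etc) that lists every active mapping, flags entries parked below a long run of blank lines, which is one way a file can look default in Notepad yet still be reported by a scanner, reports Deny ACEs that would stop the DNS Client service from reading the file, and can restore a comment-only hosts file and flush the resolver cache. The function names, the padding threshold and the replacement content are my own choices, not FRST's or the helper's.

```powershell
# Added example, not part of the thread: audit the hosts file the way a removal
# helper would before asking for it to be replaced, then optionally restore it.
# Run from an elevated Windows PowerShell session. Assumptions: the stock hosts
# path below, and that a stock Windows 8.1 hosts file contains comment lines
# only, so every active entry is something a person or a program added.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsFindings {
    param([string]$Path = $HostsPath, [int]$PaddingThreshold = 20)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Line = 0; Kind = 'Missing'; Text = $Path }
    }

    $findings = New-Object System.Collections.Generic.List[object]
    # Read every raw line: an entry parked after hundreds of blank lines, or one
    # padded with whitespace, still resolves but is easy to miss in Notepad.
    $lines    = @(Get-Content -LiteralPath $Path)
    $blankRun = 0
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $raw  = $lines[$i]
        $text = $raw.Trim()
        if ($text -eq '') { $blankRun++; continue }
        $hidden   = $blankRun -ge $PaddingThreshold
        $blankRun = 0
        if ($text.StartsWith('#')) { continue }            # comment: stock content

        # Strip a trailing comment, then split "IP name [name...]" on whitespace
        $fields = @((($text -split '#')[0] -split '\s+') | Where-Object { $_ })
        if ($fields.Count -lt 2) {
            $kind = 'Malformed'
        } elseif ($fields[0] -match '^(127\.|0\.0\.0\.0$|::1$)') {
            $kind = 'Sinkhole'   # name pointed at loopback/null: blocks updates, AV sites
        } else {
            $kind = 'Redirect'   # name pointed at another host: pharming / phishing
        }
        if ($hidden)                      { $kind += '+HiddenAfterPadding' }
        if ($raw -match '[^\x20-\x7E\t]') { $kind += '+NonAscii' }
        $findings.Add([pscustomobject]@{ Line = $i + 1; Kind = $kind; Text = $text })
    }

    # The DNS Client service has to be able to read the file; a Deny ACE is one
    # common reason for the "error while attempting to read the local hosts file" event.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            $findings.Add([pscustomobject]@{
                Line = 0; Kind = 'DenyAce'
                Text = "$($ace.IdentityReference) $($ace.FileSystemRights)"
            })
        }
    }
    return $findings
}

function Restore-HostsFile {
    param([string]$Path = $HostsPath)
    if (Test-Path -LiteralPath $Path) {
        Copy-Item -LiteralPath $Path -Destination "${Path}.bak-$(Get-Date -Format yyyyMMddHHmmss)"
        (Get-Item -LiteralPath $Path -Force).Attributes = 'Normal'   # drop ReadOnly/Hidden/System
    }
    # Minimal replacement: comments only. Windows resolves localhost internally,
    # so no active lines are needed. (Assumed layout, not the byte-for-byte stock file.)
    $content = @(
        '# hosts file reset by Restore-HostsFile',
        '# localhost name resolution is handled within DNS itself.',
        '#    127.0.0.1       localhost',
        '#    ::1             localhost'
    )
    Set-Content -LiteralPath $Path -Value $content -Encoding Ascii
    icacls.exe $Path /reset | Out-Null      # back to permissions inherited from drivers\etc
    ipconfig.exe /flushdns  | Out-Null      # drop cached answers that came from the old file
}

# Usage: review first, restore only if the findings are not yours.
Get-HostsFindings | Format-Table -AutoSize
# Restore-HostsFile
```

Review the findings before calling Restore-HostsFile: a Sinkhole entry for an ad server may be something you added yourself, while a Redirect of a bank or update domain to an unfamiliar address is not. The replacement file is deliberately minimal rather than a copy of the stock file; Windows Vista and later resolve localhost without a hosts entry, as the stock file's own comment says.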


#7 BaconFarmer (Topic Starter)

Posted 22 July 2016 - 12:20 AM

Hello mAL

I created a new hosts file according to those steps. I also installed Bitdefender Free, because after uninstalling Avast (so that there wouldn't be conflicts between it and the anti-rootkits) I guess something still remained there, and Windows Defender won't turn on (I checked it in services.msc and "Disabled" is greyed out; it might be because it detects Malwarebytes and/or RogueKiller as one). I also managed to reset the firewall rules to default. After this I ran AdwCleaner and it found nothing, but the registry search with FRST found a few things:

(I forgot to mention in my last reply that whenever I ran GMER with the registry option chosen, it would freeze at some point and a window would come up telling me that it had stopped (or something similar); in safe mode I would also get an exception code before this window.)

 

Farbar Recovery Scan Tool (x86) Version: 20-07-2016
Ran by BaconFarmer (2016-07-22 07:03:35)
Running from C:\Users\BaconFarmer\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-4185273805-756655735-625963072-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-4185273805-756655735-625963072-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

====== End of Search ======


Edited by BaconFarmer, 22 July 2016 - 12:22 AM.
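
The Defender and firewall state discussed in the previous two posts can be checked from an elevated PowerShell prompt rather than through Action Center. The script below is an added example, not code from the thread or from FRST: it reads the same WMI root\SecurityCenter2 classes that FRST summarises in its "AV:" and "AS:" lines, shows the WinDefend service start mode (what FRST prints as "S4 WinDefend"), and wraps the firewall reset the helper suggested. The productState decoding (middle byte 10 or 11 = enabled, low byte 00 = up to date) is the community-documented layout and is an assumption here, not an official Microsoft interface; the function names are my own.

```powershell
# Added example, not part of the thread: query the data behind FRST's "AV:"/"AS:"
# lines (WMI root\SecurityCenter2), the Defender service start mode, and the
# firewall profiles, from an elevated Windows PowerShell session on Windows 8.1.
# Assumption: the productState byte layout below is the widely used community
# decoding, not a documented Microsoft contract.

function Get-RegisteredSecurityProducts {
    $out = New-Object System.Collections.Generic.List[object]
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $items = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $hex = '{0:X6}' -f [int]$p.productState        # e.g. 0x041000
            $out.Add([pscustomobject]@{
                Class    = $class
                Product  = $p.displayName
                State    = $hex
                Enabled  = @('10', '11') -contains $hex.Substring(2, 2)   # real-time protection on
                UpToDate = $hex.Substring(4, 2) -eq '00'                   # signatures current
                Guid     = $p.instanceGuid                                 # the {GUID} FRST prints
            })
        }
    }
    return $out
}

function Get-DefenderServiceState {
    # WinDefend is the engine, WdNisSvc the network inspection service.
    # StartMode 'Disabled' is what FRST shows as "S4 WinDefend". Windows 8.1 itself
    # disables Defender while a third-party AV is registered, so a greyed-out
    # service is not by itself evidence of tampering.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend' OR Name='WdNisSvc'" |
        Select-Object Name, State, StartMode, StartName
}

function Reset-FirewallToDefaults {
    # The helper's suggestion: drop all user-added allow/block rules and restore
    # the shipped policy, then show the resulting per-profile defaults.
    netsh.exe advfirewall reset | Out-Null
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

Get-RegisteredSecurityProducts | Format-Table -AutoSize
Get-DefenderServiceState       | Format-Table -AutoSize
# Reset-FirewallToDefaults     # only after confirming the blanket blocks are yours
```

On Windows 8 and 8.1 Defender is switched off automatically while a third-party antivirus is registered in Security Center, so with Bitdefender or Avast installed an Enabled value of False for Windows Defender is the expected state, not something to fight with services.msc; uninstall the third-party product first if Defender is meant to be the active scanner.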


#8 mAL_rEm018 (Malware Response Team)

Posted 22 July 2016 - 10:22 PM

Hello BaconFarmer,

> After this I ran AdwCleaner and it found nothing

I still need to see the report created.  You can find it in the following location:

C:\AdwCleaner\AdwCleaner[S*].txt  (* is the number of times the tool was run)

> but the registry search with FRST found a few things:

Don't worry about this.  There is nothing of concern in the entries found by the search.

At this point I would like to see a fresh FRST scan to ensure that all the changes mentioned in your last post have taken place..



  • Right-click on FRST.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • AdwCleaner Report
  • FRST.txt
  • Addition.txt

 




#9 BaconFarmer (Topic Starter)

Posted 23 July 2016 - 05:01 AM

Hi mAL

Here are the logs. (The hosts file is there again, but when I open it manually the default text is in it, so I don't really get it.)

 

# AdwCleaner v5.201 - Logfile created 22/07/2016 at 07:00:37
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-21.2 [Server]
# Operating system : Windows 8.1 Pro N  (X86)
# Username : BaconFarmer - BACONVILLE
# Running from : C:\Users\BaconFarmer\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [638 bytes] - [22/07/2016 07:00:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [710 bytes] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2016 01
Ran by BaconFarmer (administrator) on BACONVILLE (23-07-2016 11:50:27)
Running from C:\Users\BaconFarmer\Downloads
Loaded Profiles: BaconFarmer (Available Profiles: BaconFarmer)
Platform: Microsoft Windows 8.1 Pro N (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E8BE0F72-800F-4EFB-A606-9707D5E01832}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Extension: NoScript - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-07-20]
FF Extension: WOT - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-07-20]
FF Extension: Ghostery - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\firefox@ghostery.com.xpi [2016-07-20]
FF Extension: Self-Destructing Cookies - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-07-20]
FF Extension: uBlock Origin - C:\Users\BaconFarmer\AppData\Roaming\Mozilla\Firefox\Profiles\8837mhky.default-1469004575887\Extensions\uBlock0@raymondhill.net.xpi [2016-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-07-20] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [214368 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
U3 axlyyaod; \??\C:\Users\BACONF~1\AppData\Local\Temp\axlyyaod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 11:46 - 2016-07-23 11:46 - 00000000 ____D C:\Users\BaconFarmer\Downloads\FRST-OlderVersion
2016-07-22 15:33 - 2016-07-22 15:50 - 00000000 ____D C:\Users\BaconFarmer\Desktop\check
2016-07-22 08:27 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-07-22 08:27 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-07-22 08:27 - 2013-08-22 07:26 - 00212832 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-07-22 08:27 - 2013-08-22 07:25 - 00799496 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-22 08:27 - 2013-08-22 07:25 - 00542328 _____ (Microsoft Corporation) C:\Windows\system32\DMRServer.exe
2016-07-22 08:27 - 2013-08-22 07:25 - 00308848 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2016-07-22 08:27 - 2013-08-22 07:25 - 00178744 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2016-07-22 08:27 - 2013-08-22 07:25 - 00149784 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-07-22 08:27 - 2013-08-22 07:25 - 00068168 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-22 08:27 - 2013-08-22 07:25 - 00027904 _____ (Microsoft Corporation) C:\Windows\system32\CameraSettingsUIHost.exe
2016-07-22 08:27 - 2013-08-22 07:24 - 00174536 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-22 08:27 - 2013-08-22 07:24 - 00092960 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-22 08:27 - 2013-08-22 07:24 - 00023392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUpFltr.sys
2016-07-22 08:27 - 2013-08-22 07:19 - 00312944 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-07-22 08:27 - 2013-08-22 07:19 - 00179728 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2016-07-22 08:27 - 2013-08-22 07:19 - 00104296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-22 08:27 - 2013-08-22 07:19 - 00085208 _____ (Microsoft Corporation) C:\Windows\system32\mfAACEnc.dll
2016-07-22 08:27 - 2013-08-22 07:19 - 00026848 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-22 08:27 - 2013-08-22 06:23 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2016-07-22 08:27 - 2013-08-22 06:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\asferror.dll
2016-07-22 08:27 - 2013-08-22 06:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\wmerror.dll
2016-07-22 08:27 - 2013-08-22 06:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-22 08:27 - 2013-08-22 06:06 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-22 08:27 - 2013-08-22 06:06 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-22 08:27 - 2013-08-22 06:03 - 00068096 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2016-07-22 08:27 - 2013-08-22 06:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\wmcodecdspps.dll
2016-07-22 08:27 - 2013-08-22 06:01 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll
2016-07-22 08:27 - 2013-08-22 05:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\LAPRXY.DLL
2016-07-22 08:27 - 2013-08-22 05:53 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-07-22 08:27 - 2013-08-22 05:49 - 00183808 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2016-07-22 08:27 - 2013-08-22 05:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wmvdspa.dll
2016-07-22 08:27 - 2013-08-22 05:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\mfdvdec.dll
2016-07-22 08:27 - 2013-08-22 05:48 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2016-07-22 08:27 - 2013-08-22 05:45 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\WmpDui.dll
2016-07-22 08:27 - 2013-08-22 05:43 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wmdmps.dll
2016-07-22 08:27 - 2013-08-22 05:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wmdmlog.dll
2016-07-22 08:27 - 2013-08-22 05:32 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2016-07-22 08:27 - 2013-08-22 05:29 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-22 08:27 - 2013-08-22 05:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2016-07-22 08:27 - 2013-08-22 05:24 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll
2016-07-22 08:27 - 2013-08-22 05:20 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-22 08:27 - 2013-08-22 05:20 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2016-07-22 08:27 - 2013-08-22 05:18 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-22 08:27 - 2013-08-22 05:18 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2016-07-22 08:27 - 2013-08-22 05:18 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2016-07-22 08:27 - 2013-08-22 05:18 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWiaCompat.dll
2016-07-22 08:27 - 2013-08-22 05:16 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-07-22 08:27 - 2013-08-22 05:16 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-07-22 08:27 - 2013-08-22 05:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2016-07-22 08:27 - 2013-08-22 05:15 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2016-07-22 08:27 - 2013-08-22 05:11 - 00954880 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2016-07-22 08:27 - 2013-08-22 05:11 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2016-07-22 08:27 - 2013-08-22 05:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-07-22 08:27 - 2013-08-22 04:59 - 00813568 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2016-07-22 08:27 - 2013-08-22 04:58 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2016-07-22 08:27 - 2013-08-22 04:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2016-07-22 08:27 - 2013-08-22 04:56 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2016-07-22 08:27 - 2013-08-22 04:38 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2016-07-22 08:27 - 2013-08-22 04:20 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2016-07-22 08:27 - 2013-08-22 04:18 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2016-07-22 08:27 - 2013-08-22 04:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2016-07-22 08:27 - 2013-08-22 04:17 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-07-22 08:27 - 2013-08-22 04:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Renewal.dll
2016-07-22 08:27 - 2013-08-22 01:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2016-07-22 08:27 - 2013-08-22 01:49 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2016-07-22 08:27 - 2013-06-18 14:28 - 00316640 _____ C:\Windows\WMSysPr9.prx
2016-07-22 08:26 - 2013-08-22 07:25 - 02804544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-22 08:26 - 2013-08-22 07:25 - 02410504 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 02392880 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 02324792 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 01456520 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-22 08:26 - 2013-08-22 07:25 - 01008176 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00998384 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2016-07-22 08:26 - 2013-08-22 07:25 - 00449848 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00446192 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00263912 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00263392 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00223104 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-22 08:26 - 2013-08-22 07:25 - 00167816 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-22 08:26 - 2013-08-22 07:19 - 02139320 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 01204976 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 01155392 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 01011288 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00883192 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00842048 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00753056 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00691512 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00669352 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00663136 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00650232 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00540752 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00518080 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00429696 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00380112 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00355320 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00283576 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-07-22 08:26 - 2013-08-22 07:19 - 00240136 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2016-07-22 08:26 - 2013-08-22 06:23 - 01049088 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-22 08:26 - 2013-08-22 06:14 - 09374208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-22 08:26 - 2013-08-22 05:46 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-07-22 08:26 - 2013-08-22 05:45 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-22 08:26 - 2013-08-22 05:42 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-22 08:26 - 2013-08-22 05:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-22 08:26 - 2013-08-22 05:33 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2016-07-22 08:26 - 2013-08-22 05:29 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2016-07-22 08:26 - 2013-08-22 05:24 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2016-07-22 08:26 - 2013-08-22 05:11 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-22 08:26 - 2013-08-22 05:11 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2016-07-22 08:26 - 2013-08-22 05:07 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-07-22 08:26 - 2013-08-22 05:04 - 01924096 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-07-22 08:26 - 2013-08-22 05:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-07-22 08:26 - 2013-08-22 04:59 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-07-22 08:26 - 2013-08-22 04:38 - 11760128 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-22 08:26 - 2013-08-22 04:21 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-07-22 08:26 - 2013-08-22 04:21 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-07-22 08:26 - 2013-08-22 04:07 - 00977408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-07-22 07:03 - 2016-07-22 07:03 - 00002405 _____ C:\Users\BaconFarmer\Downloads\SearchReg.txt
2016-07-22 07:02 - 2016-07-22 14:21 - 00000266 _____ C:\Users\BaconFarmer\Downloads\Search.txt
2016-07-22 07:00 - 2016-07-22 07:00 - 00000000 ____D C:\AdwCleaner
2016-07-22 06:55 - 2016-07-22 06:55 - 00197184 _____ C:\ProgramData\1469163257.bdinstall.bin
2016-07-22 06:54 - 2016-07-22 06:54 - 00002188 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2016-07-22 06:54 - 2016-07-22 06:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-07-22 06:54 - 2016-07-22 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-07-22 06:54 - 2016-07-22 06:54 - 00000000 ____D C:\Program Files\Bitdefender
2016-07-22 06:54 - 2013-05-28 11:11 - 00355744 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-07-22 06:54 - 2013-04-22 12:20 - 00164952 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-07-22 06:54 - 2013-04-17 13:59 - 00633344 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-07-22 06:54 - 2013-04-17 13:59 - 00486536 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-07-22 06:48 - 2016-07-22 06:48 - 00098117 _____ C:\ProgramData\1469162845.bdinstall.bin
2016-07-22 06:47 - 2016-07-22 06:47 - 00037529 _____ C:\ProgramData\1469162844.bdinstall.bin
2016-07-22 06:40 - 2016-07-22 06:40 - 00203618 _____ C:\ProgramData\1469162337.bdinstall.bin
2016-07-22 06:40 - 2012-11-02 13:17 - 00242504 ____N (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-07-22 06:40 - 2009-07-14 22:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-07-22 06:38 - 2016-07-22 06:54 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\QuickScan
2016-07-22 06:23 - 2016-07-22 20:04 - 00000592 __RSH C:\ProgramData\ntuser.pol
2016-07-22 06:23 - 2016-07-22 06:23 - 03712064 _____ C:\Users\BaconFarmer\Downloads\AdwCleaner.exe
2016-07-21 22:05 - 2016-07-21 22:05 - 00000000 _____ C:\Recovery.txt
2016-07-21 21:52 - 2016-07-23 11:50 - 00005292 _____ C:\Users\BaconFarmer\Downloads\FRST.txt
2016-07-21 21:52 - 2016-07-23 11:50 - 00000000 ____D C:\FRST
2016-07-21 21:52 - 2016-07-23 11:47 - 00014522 _____ C:\Users\BaconFarmer\Downloads\Addition.txt
2016-07-21 21:51 - 2016-07-23 11:46 - 01744384 _____ (Farbar) C:\Users\BaconFarmer\Downloads\FRST.exe
2016-07-21 21:51 - 2016-07-21 21:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BACONVILLE-Windows-8.1-Pro-N-(32-bit).dat
2016-07-21 21:50 - 2016-07-21 21:50 - 05575304 _____ (Tweaking.com) C:\Users\BaconFarmer\Downloads\tweaking.com_registry_backup_setup.exe
2016-07-21 21:50 - 2016-07-21 21:50 - 00017583 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-07-21 21:50 - 2016-07-21 21:50 - 00002197 _____ C:\Users\BaconFarmer\Desktop\Tweaking.com - Registry Backup.lnk
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\RegBackup
2016-07-21 21:50 - 2016-07-21 21:50 - 00000000 ____D C:\Program Files\Tweaking.com
2016-07-21 11:59 - 2016-07-21 11:59 - 00000000 __SHD C:\found.004
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.003
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.002
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.001
2016-07-21 11:56 - 2016-07-21 11:56 - 00000000 __SHD C:\found.000
2016-07-21 09:05 - 2016-07-21 09:05 - 00781312 _____ C:\Users\BaconFarmer\Downloads\delfix_1.010.exe
2016-07-20 20:26 - 2016-07-20 21:24 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-07-20 13:48 - 2016-07-21 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-20 13:48 - 2016-07-20 13:49 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-20 11:25 - 2016-07-23 11:40 - 00319886 _____ C:\Windows\ntbtlog.txt
2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\9413.reg
2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\80174933.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\33251981.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\2311.reg
2016-07-20 11:15 - 2016-07-20 11:15 - 00001771 _____ C:\config.ini
2016-07-19 21:53 - 2016-07-19 21:53 - 00161968 _____ C:\Windows\Minidump\071916-15000-01.dmp
2016-07-19 18:42 - 2016-07-19 18:43 - 00165408 _____ C:\Windows\Minidump\071916-17718-01.dmp
2016-07-19 18:05 - 2016-07-19 18:06 - 00000000 ____D C:\Windows\system32\MRT
2016-07-19 18:05 - 2016-07-19 18:05 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-19 18:02 - 2013-09-26 10:31 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2016-07-19 18:02 - 2013-09-26 10:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-19 18:02 - 2013-09-26 09:25 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2016-07-19 18:02 - 2013-09-26 09:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2016-07-19 18:02 - 2013-09-25 08:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-07-19 18:02 - 2013-09-25 07:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2016-07-19 18:02 - 2013-09-24 07:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2016-07-19 18:02 - 2013-09-24 07:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-07-19 18:02 - 2013-09-24 06:26 - 00944128 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-07-19 18:02 - 2013-09-24 05:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2016-07-19 18:02 - 2013-09-21 11:49 - 00493400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-07-19 18:02 - 2013-09-21 11:49 - 00197976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-07-19 18:02 - 2013-09-21 11:48 - 00130392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-07-19 18:02 - 2013-09-21 11:37 - 00489696 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-07-19 18:02 - 2013-09-21 11:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-07-19 18:02 - 2013-09-21 11:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-07-19 18:02 - 2013-09-21 11:18 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-19 18:02 - 2013-09-21 11:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-19 18:02 - 2013-09-21 11:09 - 00134784 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-19 18:02 - 2013-09-21 09:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-19 18:02 - 2013-09-21 09:02 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-19 18:02 - 2013-09-21 09:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-07-19 18:02 - 2013-09-21 08:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2016-07-19 18:02 - 2013-09-21 08:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2016-07-19 18:02 - 2013-09-21 07:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-07-19 18:02 - 2013-09-21 07:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-19 18:02 - 2013-09-21 07:29 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2016-07-19 18:02 - 2013-09-21 07:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-07-19 18:02 - 2013-09-21 07:19 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-07-19 18:02 - 2013-09-21 07:18 - 01198592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-07-19 18:02 - 2013-09-21 07:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-07-19 18:02 - 2013-09-21 07:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-07-19 18:02 - 2013-09-21 06:56 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-07-19 18:02 - 2013-09-21 06:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-07-19 18:02 - 2013-09-21 06:49 - 04975104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-07-19 18:02 - 2013-09-21 06:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-07-19 18:02 - 2013-09-21 06:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2016-07-19 18:02 - 2013-09-21 06:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-07-19 18:02 - 2013-09-19 08:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2016-07-19 18:02 - 2013-09-19 07:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2016-07-19 18:02 - 2013-09-19 07:38 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2016-07-19 18:02 - 2013-09-19 07:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2016-07-19 18:02 - 2013-09-19 06:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-07-19 18:02 - 2013-09-19 06:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2016-07-19 18:02 - 2013-09-19 06:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2016-07-19 18:02 - 2013-09-19 06:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-07-19 18:02 - 2013-09-19 06:10 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-07-19 18:02 - 2013-09-19 05:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2016-07-19 18:02 - 2013-09-19 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-07-19 18:02 - 2013-09-17 09:00 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-07-19 18:02 - 2013-09-17 07:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-19 18:02 - 2013-09-17 06:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-07-19 18:02 - 2013-09-17 06:00 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-07-19 18:02 - 2013-09-17 05:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2016-07-19 18:02 - 2013-09-14 14:42 - 00142168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2016-07-19 18:02 - 2013-09-14 12:43 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-19 18:02 - 2013-09-13 10:54 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2016-07-19 18:02 - 2013-09-13 10:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2016-07-19 18:02 - 2013-09-13 09:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-07-19 18:02 - 2013-09-12 09:17 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2016-07-19 18:02 - 2013-09-11 10:32 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-07-19 18:02 - 2013-09-11 10:32 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-19 18:02 - 2013-09-11 09:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-07-19 18:02 - 2013-09-07 14:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2016-07-19 18:02 - 2013-09-07 13:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2016-07-19 18:02 - 2013-09-07 13:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2016-07-19 18:02 - 2013-09-07 13:14 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2016-07-19 18:02 - 2013-09-07 13:06 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-07-19 18:02 - 2013-09-07 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2016-07-19 18:02 - 2013-09-07 12:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2016-07-19 18:02 - 2013-09-05 08:23 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2016-07-19 18:02 - 2013-09-05 07:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2016-07-19 18:02 - 2013-09-04 07:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2016-07-19 18:02 - 2013-09-04 07:22 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-07-19 18:02 - 2013-09-04 07:05 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-07-19 18:02 - 2013-09-04 06:47 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2016-07-19 18:02 - 2013-09-04 06:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2016-07-19 18:02 - 2013-09-04 06:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-07-19 18:02 - 2013-08-31 12:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2016-07-19 18:02 - 2013-08-31 11:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2016-07-19 18:02 - 2013-08-30 08:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2016-07-19 18:02 - 2013-08-28 08:55 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-07-19 18:02 - 2013-08-28 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2016-07-19 18:02 - 2013-08-27 07:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-07-19 18:01 - 2014-04-19 08:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-19 18:01 - 2014-03-10 10:43 - 01673048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-19 18:01 - 2014-03-10 10:43 - 00283992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-07-19 18:01 - 2013-11-11 02:50 - 00036696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2016-07-19 18:01 - 2013-11-08 10:40 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2016-07-19 18:01 - 2013-11-08 06:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2016-07-19 18:01 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-07-19 18:01 - 2013-11-08 05:30 - 01128448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-07-19 18:01 - 2013-11-08 05:05 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-07-19 18:01 - 2013-11-05 16:08 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-07-19 18:01 - 2013-11-05 15:19 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-07-19 18:01 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2016-07-19 18:01 - 2013-11-04 02:45 - 02038784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-07-19 18:01 - 2013-11-01 12:17 - 00077144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-07-19 18:01 - 2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2016-07-19 18:01 - 2013-10-31 01:50 - 05753688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-19 18:01 - 2013-10-31 01:39 - 01261320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-19 18:01 - 2013-10-31 01:39 - 01159080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-07-19 18:01 - 2013-10-26 22:28 - 00120152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2016-07-19 18:01 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2016-07-19 18:01 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-07-19 18:01 - 2013-10-16 15:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-07-19 18:00 - 2014-01-08 02:55 - 00261464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-07-19 18:00 - 2014-01-08 02:35 - 01307992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-19 18:00 - 2014-01-08 02:35 - 00320856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-19 18:00 - 2014-01-04 17:08 - 00103936 _____ C:\Windows\system32\OEMLicense.dll
2016-07-19 18:00 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2016-07-19 18:00 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-07-19 18:00 - 2014-01-01 02:56 - 01445720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-19 18:00 - 2014-01-01 02:00 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-07-19 18:00 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2016-07-19 18:00 - 2013-12-31 01:33 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-07-19 18:00 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2016-07-19 18:00 - 2013-12-27 14:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2016-07-19 18:00 - 2013-12-27 14:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-07-19 18:00 - 2013-12-27 10:21 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2016-07-19 18:00 - 2013-12-27 09:27 - 11688448 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-19 18:00 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-07-19 18:00 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-07-19 18:00 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-07-19 18:00 - 2013-12-21 09:04 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2016-07-19 18:00 - 2013-12-17 08:13 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-07-19 18:00 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-07-19 18:00 - 2013-12-13 11:14 - 00077992 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-07-19 18:00 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-07-19 18:00 - 2013-12-09 01:25 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2016-07-19 18:00 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-07-19 18:00 - 2013-10-23 11:44 - 00104280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-07-19 18:00 - 2013-10-23 11:24 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2016-07-19 18:00 - 2013-10-23 11:21 - 00044904 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-07-19 18:00 - 2013-10-22 08:13 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2016-07-19 18:00 - 2013-10-22 08:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-19 18:00 - 2013-10-22 06:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-07-19 18:00 - 2013-10-22 05:02 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2016-07-19 18:00 - 2013-10-22 04:52 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-07-19 18:00 - 2013-10-22 03:59 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-07-19 18:00 - 2013-10-22 03:51 - 01634304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-19 18:00 - 2013-10-22 03:40 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-07-19 18:00 - 2013-10-19 08:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-19 18:00 - 2013-10-19 06:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-19 18:00 - 2013-10-19 06:44 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-19 18:00 - 2013-10-19 06:43 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-19 18:00 - 2013-10-19 06:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-19 18:00 - 2013-10-19 06:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-07-19 18:00 - 2013-10-19 05:56 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-19 18:00 - 2013-10-19 05:55 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-19 18:00 - 2013-10-19 05:09 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-19 18:00 - 2013-10-19 05:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-19 18:00 - 2013-10-16 11:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-07-19 18:00 - 2013-10-13 02:49 - 00207192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2016-07-19 18:00 - 2013-10-13 02:29 - 00706536 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-07-19 18:00 - 2013-10-11 15:03 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2016-07-19 18:00 - 2013-10-10 16:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-07-19 18:00 - 2013-10-10 16:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-19 18:00 - 2013-10-10 13:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-07-19 18:00 - 2013-10-10 13:12 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-07-19 18:00 - 2013-10-08 10:49 - 00415576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-07-19 18:00 - 2013-10-08 07:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-07-19 18:00 - 2013-10-08 07:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-07-19 18:00 - 2013-10-08 07:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-07-19 18:00 - 2013-10-08 06:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-07-19 18:00 - 2013-10-08 06:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-07-19 18:00 - 2013-10-07 08:07 - 00049544 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-19 18:00 - 2013-10-07 04:03 - 02833408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-19 18:00 - 2013-10-05 14:30 - 00321368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-07-19 18:00 - 2013-10-05 14:30 - 00047960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-07-19 18:00 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-07-19 18:00 - 2013-10-05 14:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-19 18:00 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-07-19 18:00 - 2013-10-05 11:59 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-19 18:00 - 2013-10-05 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-07-19 18:00 - 2013-10-05 10:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-07-19 18:00 - 2013-10-05 10:29 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-19 18:00 - 2013-10-05 10:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2016-07-19 18:00 - 2013-10-05 10:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-07-19 18:00 - 2013-10-05 10:00 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2016-07-19 18:00 - 2013-10-05 09:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-07-19 18:00 - 2013-10-04 10:00 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-07-19 18:00 - 2013-09-17 08:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-07-19 18:00 - 2013-09-17 07:28 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-19 18:00 - 2013-09-17 05:47 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-07-19 18:00 - 2013-09-14 14:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2016-07-19 18:00 - 2013-09-14 14:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2016-07-19 18:00 - 2013-09-14 11:29 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-07-19 18:00 - 2013-09-14 10:54 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-07-19 18:00 - 2013-09-13 09:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2016-07-19 18:00 - 2013-09-12 10:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2016-07-19 18:00 - 2013-09-12 09:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-07-19 18:00 - 2013-09-12 09:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-07-19 18:00 - 2013-09-12 09:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-07-19 18:00 - 2013-09-12 09:17 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2016-07-19 18:00 - 2013-09-12 09:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-07-19 18:00 - 2013-09-10 06:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2016-07-19 17:59 - 2014-02-11 05:32 - 03486208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-19 17:59 - 2013-11-27 16:09 - 02872688 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-07-19 17:59 - 2013-11-27 12:46 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2016-07-19 17:59 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-19 17:59 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-07-19 17:59 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2016-07-19 17:59 - 2013-10-10 13:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-07-19 17:59 - 2013-10-10 12:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-07-19 17:58 - 2013-09-26 08:44 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-07-19 17:58 - 2013-09-26 08:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2016-07-19 17:57 - 2013-12-20 10:26 - 01382208 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-19 17:57 - 2013-12-20 10:26 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-07-19 15:18 - 2016-07-19 15:18 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2016-07-19 15:18 - 2016-07-19 15:18 - 00000020 _____ C:\Windows\system32\Drivers\SMR410.dat
2016-07-19 12:13 - 2016-07-19 16:38 - 00000303 _____ C:\Users\BaconFarmer\Desktop\blockit.bat
2016-07-19 12:04 - 2016-07-19 12:10 - 00002349 _____ C:\Users\BaconFarmer\Desktop\blockit.txt
2016-07-19 10:34 - 2016-07-19 10:34 - 00162048 _____ C:\Windows\Minidump\071916-13390-01.dmp
2016-07-18 17:15 - 2016-07-18 17:15 - 00161632 _____ C:\Windows\Minidump\071816-12062-01.dmp
2016-07-18 12:38 - 2016-07-18 12:21 - 00035904 _____ C:\Windows\system32\Drivers\xaydna8h.sys
2016-07-18 12:24 - 2016-07-18 12:24 - 00161256 _____ C:\Windows\Minidump\071816-24421-01.dmp
2016-07-18 12:23 - 2016-07-18 12:23 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\jl440fgi.sys
2016-07-18 12:22 - 2016-07-18 12:22 - 00164112 _____ C:\Windows\Minidump\071816-22421-01.dmp
2016-07-18 12:20 - 2016-07-18 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-18 12:20 - 2016-07-18 12:20 - 00000000 ____D C:\Program Files\AGEIA Technologies
2016-07-18 12:19 - 2016-01-29 10:45 - 00614848 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2016-07-18 12:18 - 2016-01-29 14:04 - 24207296 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 15302712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 14497760 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 11272240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 11209192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 10718264 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-18 12:18 - 2016-01-29 14:04 - 03994560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 01060400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234195.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00917048 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00912248 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234195.dll
2016-07-18 12:18 - 2016-01-29 14:04 - 00878648 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2016-07-18 12:17 - 2016-07-18 12:17 - 00000000 ____D C:\NVIDIA
2016-07-18 10:59 - 2016-07-18 10:59 - 00015916 _____ C:\Users\BaconFarmer\Desktop\8383_.s_ys.reg
2016-07-18 10:56 - 2016-07-18 10:56 - 00149080 _____ C:\Windows\Minidump\071816-12953-01.dmp
2016-07-18 10:40 - 2016-07-18 10:40 - 00149080 _____ C:\Windows\Minidump\071816-12390-01.dmp
2016-07-18 10:30 - 2016-07-18 10:30 - 00149080 _____ C:\Windows\Minidump\071816-13156-01.dmp
2016-07-18 10:28 - 2016-07-22 06:08 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\CrashDumps
2016-07-18 10:22 - 2016-07-18 10:23 - 00165496 _____ C:\Windows\Minidump\071816-13500-01.dmp
2016-07-18 10:17 - 2016-07-18 11:06 - 00000000 ____D C:\vba32arkit
2016-07-18 10:16 - 2016-07-20 23:16 - 00000000 ____D C:\gmer
2016-07-17 10:45 - 2016-07-19 21:53 - 222613177 _____ C:\Windows\MEMORY.DMP
2016-07-17 10:45 - 2016-07-19 21:53 - 00000000 ____D C:\Windows\Minidump
2016-07-17 10:45 - 2016-07-17 10:45 - 00163432 _____ C:\Windows\Minidump\071716-17406-01.dmp
2016-07-17 01:03 - 2016-07-16 15:12 - 00000000 ____D C:\Windows\Panther
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Macromedia
2016-07-16 19:51 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Macromedia
2016-07-16 19:50 - 2016-07-16 19:51 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Adobe
2016-07-16 19:07 - 2016-07-16 19:07 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Wireshark
2016-07-16 18:57 - 2016-07-16 18:57 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-16 18:57 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\WinPcap
2016-07-16 18:54 - 2016-07-16 18:54 - 00001774 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-07-16 18:54 - 2016-07-16 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-16 18:53 - 2016-07-16 18:57 - 00000000 ____D C:\Program Files\Wireshark
2016-07-16 18:10 - 2016-07-16 18:10 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\CEF
2016-07-16 18:09 - 2016-07-20 11:15 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-16 18:08 - 2016-07-16 18:08 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-16 17:32 - 2016-07-16 17:32 - 00000000 ____D C:\Windows\pss
2016-07-16 17:27 - 2016-07-19 09:57 - 00000000 ____D C:\Users\BaconFarmer\Downloads\SysinternalsSuite
2016-07-16 17:04 - 2016-07-20 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-16 16:27 - 2016-07-20 21:44 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-16 16:27 - 2016-07-16 16:27 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-16 16:15 - 2014-01-31 16:04 - 00265560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-07-16 16:15 - 2014-01-31 11:02 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2016-07-16 16:15 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-07-16 16:15 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2016-07-16 16:15 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2016-07-16 16:15 - 2014-01-29 09:43 - 01883480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-07-16 16:15 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2016-07-16 16:15 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-07-16 16:15 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-07-16 16:15 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2016-07-16 16:15 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-07-16 16:15 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-07-16 16:15 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-07-16 16:15 - 2014-01-27 13:52 - 00386722 _____ C:\Windows\system32\ApnDatabase.xml
2016-07-16 16:15 - 2013-12-21 14:06 - 05251224 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-07-16 16:15 - 2013-12-21 10:08 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2016-07-16 16:14 - 2013-12-11 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2016-07-16 16:14 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-07-16 16:14 - 2013-11-27 13:03 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2016-07-16 16:14 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2016-07-16 16:14 - 2013-11-27 11:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-07-16 16:14 - 2013-11-27 11:01 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-07-16 16:14 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2016-07-16 16:14 - 2013-11-27 10:47 - 01284096 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-07-16 16:14 - 2013-11-27 10:23 - 03423744 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-07-16 16:14 - 2013-11-25 02:47 - 00116568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-16 16:14 - 2013-11-25 02:32 - 00871256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-16 16:14 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-07-16 16:14 - 2013-11-23 10:28 - 00030552 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2016-07-16 16:14 - 2013-11-23 08:14 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2016-07-16 16:14 - 2013-11-23 08:14 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2016-07-16 16:14 - 2013-11-23 08:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-16 16:14 - 2013-11-23 06:23 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-07-16 16:14 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-16 16:14 - 2013-11-21 08:10 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2016-07-16 16:14 - 2013-11-21 07:44 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-16 16:14 - 2013-11-15 15:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-07-16 16:14 - 2013-11-15 15:20 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-07-16 16:14 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-16 16:14 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-07-16 16:14 - 2013-10-05 14:05 - 01090808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-16 16:13 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-16 16:13 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-16 16:13 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-07-16 16:13 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-07-16 16:12 - 2014-03-06 09:32 - 01033368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-16 16:12 - 2014-03-06 09:10 - 00861984 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-16 16:12 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-16 16:12 - 2013-10-13 02:45 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2016-07-16 16:12 - 2013-10-12 23:14 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-07-16 16:12 - 2013-10-12 23:02 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-07-16 16:12 - 2013-10-03 11:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2016-07-16 16:12 - 2013-10-02 11:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-07-16 16:06 - 2016-07-16 16:06 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\NVIDIA
2016-07-16 16:04 - 2016-07-20 22:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-16 16:04 - 2016-07-16 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-20 13:02 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-16 16:03 - 2016-07-16 16:04 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-16 16:03 - 2016-07-16 16:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-16 16:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-16 16:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-16 15:30 - 2016-07-16 15:30 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\ElevatedDiagnostics
2016-07-16 15:18 - 2016-07-22 08:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-16 15:17 - 2016-07-18 12:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-16 15:17 - 2016-07-16 15:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-16 15:17 - 2016-01-29 14:04 - 00067520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 04397624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 03068864 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 00678968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-16 15:17 - 2016-01-29 12:14 - 00381888 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-16 15:17 - 2016-01-29 12:14 - 00070200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-16 15:17 - 2016-01-28 18:18 - 06150607 _____ C:\Windows\system32\nvcoproc.bin
2016-07-16 15:14 - 2016-07-16 15:20 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Mozilla
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-16 15:14 - 2016-07-16 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-16 15:12 - 2016-07-21 13:06 - 00000000 ____D C:\Users\BaconFarmer
2016-07-16 15:12 - 2016-07-16 17:02 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\VirtualStore
2016-07-16 15:12 - 2016-07-16 15:38 - 00000000 ____D C:\Users\BaconFarmer\AppData\Local\Packages
2016-07-16 15:12 - 2016-07-16 15:12 - 00001442 _____ C:\Users\BaconFarmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-16 15:12 - 2016-07-16 15:12 - 00000020 ___SH C:\Users\BaconFarmer\ntuser.ini
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\My Documents
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Videos
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Pictures
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 _SHDL C:\Users\BaconFarmer\Documents\My Music
2016-07-16 15:12 - 2016-07-16 15:12 - 00000000 ____D C:\Users\BaconFarmer\AppData\Roaming\Adobe
2016-07-16 15:11 - 2016-07-22 08:35 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 15:09 - 2016-07-16 15:09 - 00000000 ____D C:\Windows\CSC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 08:35 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2016-07-22 08:29 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 08:27 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-22 08:27 - 2013-08-22 10:06 - 00000000 ____D C:\Windows\CbsTemp
2016-07-22 06:22 - 2013-08-22 10:17 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-21 23:02 - 2013-08-22 10:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-21 23:01 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\registration
2016-07-20 16:51 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\rescache
2016-07-20 16:06 - 2013-08-22 01:40 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-07-19 18:20 - 2013-08-22 09:22 - 00334088 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ToastData
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\WinStore
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\migwiz
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\MediaViewer
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\FileManager
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Camera
2016-07-19 18:19 - 2013-08-22 10:17 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-19 18:19 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\system32\oobe
2016-07-19 18:19 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\system32\Dism
2016-07-18 09:53 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\AppReadiness
2016-07-17 01:02 - 2013-08-22 10:17 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-07-16 19:50 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-16 16:53 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-16 15:17 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\Help

==================== Files in the root of some directories =======

2016-07-22 06:40 - 2016-07-22 06:40 - 0203618 _____ () C:\ProgramData\1469162337.bdinstall.bin
2016-07-22 06:47 - 2016-07-22 06:47 - 0037529 _____ () C:\ProgramData\1469162844.bdinstall.bin
2016-07-22 06:48 - 2016-07-22 06:48 - 0098117 _____ () C:\ProgramData\1469162845.bdinstall.bin
2016-07-22 06:55 - 2016-07-22 06:55 - 0197184 _____ () C:\ProgramData\1469163257.bdinstall.bin

Some files in TEMP:
====================
C:\Users\BaconFarmer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\BaconFarmer\AppData\Local\Temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-16 15:03

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2016 01
Ran by BaconFarmer (2016-07-23 11:50:43)
Running from C:\Users\BaconFarmer\Downloads
Microsoft Windows 8.1 Pro N (X86) (2016-07-16 13:12:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4185273805-756655735-625963072-500 - Administrator - Disabled)
BaconFarmer (S-1-5-21-4185273805-756655735-625963072-1001 - Administrator - Enabled) => C:\Users\BaconFarmer
Guest (S-1-5-21-4185273805-756655735-625963072-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 hu) (HKLM\...\Mozilla Firefox 47.0.1 (x86 hu)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.4 (32-bit) (HKLM\...\Wireshark) (Version: 2.0.4 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-22 06:54 - 2013-03-19 11:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-07-22 06:54 - 2013-09-03 13:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-22 06:09 - 2016-07-22 06:09 - 00000831 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4185273805-756655735-625963072-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2016 11:43:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/23/2016 11:32:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x81c
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/23/2016 12:41:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x2f8
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 03:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x660
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 08:30:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x470
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 06:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0xd60
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 06:49:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x360
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 06:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0x368
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5

Error: (07/22/2016 06:08:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x56ab35eb
Faulting module name: nvcplui.exe, version: 7.8.840.0, time stamp: 0x56ab35eb
Exception code: 0x40000015
Fault offset: 0x0015a770
Faulting process id: 0xb6c
Faulting application start time: 0xnvcplui.exe0
Faulting application path: nvcplui.exe1
Faulting module path: nvcplui.exe2
Report Id: nvcplui.exe3
Faulting package full name: nvcplui.exe4
Faulting package-relative application ID: nvcplui.exe5

Error: (07/22/2016 06:08:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvxdsync.exe, version: 8.17.13.4195, time stamp: 0x56ab2c5b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.16656, time stamp: 0x53181390
Exception code: 0xc06d007e
Fault offset: 0x00011e45
Faulting process id: 0xa20
Faulting application start time: 0xnvxdsync.exe0
Faulting application path: nvxdsync.exe1
Faulting module path: nvxdsync.exe2
Report Id: nvxdsync.exe3
Faulting package full name: nvxdsync.exe4
Faulting package-relative application ID: nvxdsync.exe5


System errors:
=============
Error: (07/22/2016 12:09:49 PM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2016 10:43:47 AM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2016 10:37:28 AM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/22/2016 07:57:53 AM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2016 07:57:23 AM) (Source: DCOM) (EventID: 10010) (User: BaconVille)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/22/2016 06:54:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/22/2016 06:47:31 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5 = Access is denied.


Error: (07/22/2016 06:47:30 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5 = Access is denied.


Error: (07/22/2016 06:40:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (07/21/2016 09:43:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6700 @ 2.66GHz
Percentage of memory in use: 20%
Total physical RAM: 3069.61 MB
Available physical RAM: 2455.2 MB
Total Virtual: 6141.61 MB
Available Virtual: 5172.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.49 GB) (Free:214.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 79F97D8A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by BaconFarmer, 23 July 2016 - 05:07 AM.


#10 mAL_rEm018

  • Malware Response Team
  • 311 posts
  • Gender:Male
  • Local time:04:29 AM

Posted 24 July 2016 - 04:18 AM

Hello BaconFarmer,
 

2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\9413.reg
2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\80174933.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\33251981.reg
2016-07-20 11:18 - 2016-07-20 11:18 - 00000280 _____ C:\Users\BaconFarmer\Desktop\2311.reg
2016-07-18 10:59 - 2016-07-18 10:59 - 00015916 _____ C:\Users\BaconFarmer\Desktop\8383_.s_ys.reg
2016-07-19 12:13 - 2016-07-19 16:38 - 00000303 _____ C:\Users\BaconFarmer\Desktop\blockit.bat
2016-07-19 12:04 - 2016-07-19 12:10 - 00002349 _____ C:\Users\BaconFarmer\Desktop\blockit.txt

I am assuming you are aware of the .reg and .bat files on your desktop.  Is this accurate?


Please run the following fix:


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 axlyyaod; \??\C:\Users\BACONF~1\AppData\Local\Temp\axlyyaod.sys [X]
C:\Users\BaconFarmer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\BaconFarmer\AppData\Local\Temp\ERUNT.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-4185273805-756655735-625963072-1001\Software\Trolltech]

EmptyTemp:
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


Let's do an online scan to make sure we didn't miss anything..

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs



  • Close all opened programs, open your browser and go to the following link: ESET Online Scanner.
  • Click on the SCAN NOW button under ESET Online Scanner.
    • Depending on which browser you are using, you might be prompted to download an executable file.
    • Please save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.  
    • If you agree to the Terms of use, select Accept to continue.  
  • Please check the following option:
    • Enable detection of potentially unwanted applications
  • Select Advanced settings and ensure that the following options are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Make sure that the following option is NOT checked:  => Very important!
    • Clean threats automatically
  • Click Scan and the process will now begin.  Please do not use your computer while the scan is running.
  • Once the scan is completed, click Copy to clipboard.
  • Open the Start menu and type notepad.exe in the search programs and files box.
  • Press Enter.  A blank Notepad page should open, paste the contents inside the window.
  • Save the file as ESETScan.txt.
  • Please copy/paste the contents of ESETScan.txt in your next reply.
  • You can now safely close the program.
    Do not forget to re-activate your Antivirus at this point.

How is your computer behaving at this point?

-----------------------------------------
In your next reply, I would like to see..


  • fixlog.txt
  • ESET Report

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
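An added example (not the helper's tooling or FRST's own code) that reads lines in the two FRST layouts quoted in this post, the "created - modified - size attrs path" file listing and the "prefix name; image path [flags]" service/driver entry, and flags what the fixlist above targets: script or registry files on the Desktop, and services whose file is missing or whose driver loads from a Temp directory. The sample lines are constructed, and the trailing [X] is treated as FRST's file-not-found marker.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample lines (hypothetical, not the thread's real FRST log) in the two FRST
# layouts seen in the post: "created - modified - size attrs path" file listings and
# "<prefix> <name>; <image path> [flags]" service/driver entries.
SAMPLE_LINES = [
    r"2016-07-20 11:19 - 2016-07-20 11:19 - 00000280 _____ C:\Users\BaconFarmer\Desktop\9413.reg",
    r"2016-07-19 12:13 - 2016-07-19 16:38 - 00000303 _____ C:\Users\BaconFarmer\Desktop\blockit.bat",
    r"2016-07-18 10:59 - 2016-07-18 10:59 - 00015916 _____ C:\Users\BaconFarmer\Desktop\notes.txt",
    r'S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]',
    r"U3 axlyyaod; \??\C:\Users\BACONF~1\AppData\Local\Temp\axlyyaod.sys [X]",
    r"R0 ntfs; C:\Windows\System32\drivers\ntfs.sys [123456 2016-01-01] (Microsoft Corporation)",
]

FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (\d+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^([RSU]\d) ([^;]+); (.+)$")
SCRIPT_EXTS = (".reg", ".bat", ".cmd", ".vbs", ".ps1")

def parse_service_line(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """Return (prefix, name, image_path, missing): image_path is the first token of the
    command line with quotes and the \\??\\ prefix stripped, missing is True on [X]."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    prefix, name, rest = m.groups()
    image = rest[1:rest.index('"', 1)] if rest.startswith('"') else rest.split()[0]
    if image.startswith("\\??\\"):
        image = image[4:]
    return prefix, name, image, rest.rstrip().endswith("[X]")

def review(lines: List[str]) -> List[str]:
    """Flag what the helper acted on: script/registry files on the Desktop, and
    services whose file is missing or whose driver loads from a Temp directory."""
    findings = []
    for line in lines:
        fm = FILE_RE.match(line)
        if fm:
            path = fm.group(3)
            if "\\desktop\\" in path.lower() and path.lower().endswith(SCRIPT_EXTS):
                findings.append(f"script/registry file on Desktop: {path}")
            continue
        svc = parse_service_line(line)
        if svc is None:
            continue
        prefix, name, image, missing = svc
        low = image.lower()
        if missing or (low.endswith(".sys") and "\\temp\\" in low):
            findings.append(f"service {name} ({prefix}) missing or Temp driver: {image}")
    return findings
```

Running review(SAMPLE_LINES) reports the two Desktop scripts and both [X] services, and stays silent on notes.txt and the Microsoft ntfs driver.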


#11 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 26 July 2016 - 04:54 AM

Hello BaconFarmer,

Are you still with me? It's been more than 48 hours since my last post.  I usually close topics for "lack of feedback" if there is no response after 4 days.  Unless you post a reply within the next 48 hours, I will close this topic...

Thank you for your understanding,

mAL




#12 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:29 AM

Posted 28 July 2016 - 05:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

