Powerful computer = Choppy Media and Video Rendering. Unknown virus/malware?


  • This topic is locked
13 replies to this topic

#1 Haagendaz

Haagendaz

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 02 November 2016 - 09:15 PM

Dell Precision T7500

2.4 GHz x 16 CPUs

24 GB RAM

Windows 7 64 bit 

 

 

Problem: Media text, video and image rendering often choppy and gappy. Unsure if it's a virus or malware problem. Using DiskCryptor for full disk encryption. Unsure if this might be the culprit?

Farbar scan results attached. 

Thank you, 

 

 


 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:51 AM

Posted 03 November 2016 - 11:23 PM

Hello Haagendaz

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:51 AM

Posted 05 November 2016 - 11:05 PM

Hello Haagendaz, and welcome to Bleeping Computer.

I will be helping you with your computer problem. If you would permit me to call you by your first name, I would prefer that. Please call me "Ray".

 

 

 

Security Compromise

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

 

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

 

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system

 

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

 

 

 

 

 

Fix or Format?

 

If you decide to reformat your C drive and reinstall Windows, you can skip the rest of this message. Just please let me know your decision. If you want to attempt a repair, please continue with the steps below.


Panda USB Drive Immunization

If you intend to transfer any files from your sick PC to any other device via USB drive(s), we need to vaccinate the USB drive(s) to prevent infecting it/them and the destination device.

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean working computer.
Note: The download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.

  • Insert your USB flash drive into your clean working computer.
  • Double-click USBVaccineSetup.exe to install the program.
  • Select your language. Read and accept the agreement to continue.
  • Choose whether to run the vaccinator at all times and/or for all newly inserted USB drives.
  • Click Next then Finish to complete the installation. The Panda Research USB Vaccine window will open.
  • Select your USB drive from the list. If it is not already vaccinated, click Vaccinate USB.
  • Note: Optionally you can click Vaccinate computer as well. That disables executable items from running automatically on your PC.
  • A message should appear that your USB drive was vaccinated. If not, please describe the error symptoms including verbatim copies of error messages and stop here.
  • Your USB flash drive(s) must be immunized before we use it/them on your infected computer.

 

 

Peer-to-Peer File Sharing Warning

Going over your logs, I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however, that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Please let me know whether you will refrain from using BitTorrent or will delete it.



What Is Source Of Videos?

You say, "Media text, video and image rendering often choppy and gappy".

  • What is the source of the videos?
  • Are they files stored locally on your PC or are they streaming video from an online connection?
  • If from an online source, does performance vary at different times of day?
  • Try these online speed test sites: http://www.speedtest.net/ and http://www.dslreports.com/stest. Please tell me the results of the tests.
  • Are all files similarly affected or do some files render normally?

 

 

 

In your next reply...

Tell me whether you will format your C drive and reinstall your Windows operating system.
 

If you wish to proceed with a fix without reinstalling Windows...

  • Did you immunize any USB drives used for file transfer?
  • Please confirm that you have backed up your important data files.
  • Did you uninstall BitTorrent? If not, please confirm that you will not use it until we close this topic.
  • Please answer all five questions under the What Is Source Of Videos? heading. It would be best if you copy and paste the questions. Then intersperse your replies under each one.

 

 

Regards,

Ray
 




#4 Haagendaz

Haagendaz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 07 November 2016 - 05:30 AM

 

 

 

 

Thanks for the time and all the hard work you put into that response, Ray!!     

1.   I wish to proceed without reinstalling windows. 

2.   No, I haven't immunized any USB transfer cards.  I have yet to transfer anything.  

3.   All important files are backed up. 

4.   Yes, Bit Torrent was removed.  I used it once this week, for one movie.  I doubt it's the source of infection. 

 

 

  • What is the source of the videos?

All sources.   All internet browsers.   Various websites.   Windows media player videos played offline etc. 

 

  • Are they files stored locally on your PC or are they streaming video from an online connection?

Streamed from online connection.

 

  • If from an online source, does performance vary at different times of day?

Yes. But performance is the same when rendering offline media. Exact same performance deficits. So it's not isolated to connection speed, when often connection speed is irrelevant to the lack of performance.

 

Yes, yes.  I know.   It's not that.  See above. 

 

  • Are all files similarly affected or do some files render normally?

All files are similarly affected.  Scrolling down a list of files in windows explorer can be jagged or choppy etc. 

 

Thanks :) 



#5 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:51 AM

Posted 08 November 2016 - 05:38 PM

Hi Haagendaz,

Thank you for your replies.


Repair compromised computer

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CreateRestorePoint:
CloseProcesses:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

(hxxp://lynx.isc.org) C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Okxzics] => C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe [168750 2016-11-02] (hxxp://lynx.isc.org)
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [AWCworks] => regsvr32.exe C:\Users\Noah\AppData\Local\AWCworks\xqrjanvr.dll <===== ATTENTION
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Emvtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Noah\AppData\Local\Okxzics\cfgccFactory.dll

2016-11-02 00:42 - 2016-11-02 21:48 - 00000000 ____D C:\Users\Noah\AppData\Local\Okxzics
2016-11-02 00:42 - 2016-11-02 21:48 - 00000000 ____D C:\Users\Noah\AppData\Local\AWCworks

CMD: type C:\Users\Noah\Desktop\AdwCleaner[S0].txt

HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [BitTorrent] => C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe [2376392 2016-10-31] (BitTorrent Inc.)
C:\Users\Noah\AppData\Roaming\BitTorrent\
C:\Users\Noah\Desktop\BitTorrent.lnk
C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
C:\Users\Noah\Downloads\BitTorrent.exe
BitTorrent (HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
FirewallRules: [{15FA7939-200E-48B7-A2B4-ADE46883FBF7}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C5876B5C-6118-47C4-85EA-8494022F32F3}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{372F344B-107D-4589-8DBD-A4F33678738B}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A0229F75-6248-48CF-B03E-8AB644DA4B3F}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B802F573-0126-4B4D-8C4A-56369B0001AD}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BD4F5A47-79CA-486B-BAE3-1337E9558A0A}] => (Allow) C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe

HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Windows Performance Monitor] => C:\Users\Noah\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll [5979136 2016-11-02] ()
C:\Users\Noah\AppData\Local\Microsoft\Performance\

Folder: C:\Users\Noah\AppData\Local\SysHashTable
File: C:\Windows\System32\DRIVERS\npf.sys
Reboot:

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Rescan with Farbar Recovery Scan Tool

Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

 

 

In your next reply...

  • Copy and paste the contents of the Fixlog.txt report into the body of your message.
  • Copy and paste the contents of the Frst.txt and Addition.txt into the body of your message.
  • Tell me whether video playback or streaming has improved.

Regards,

Ray


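The Run-key entries in the fixlist above share traits a defender can triage mechanically when reading an FRST log: DLLs registered through regsvr32, targets under AppData, and odd vendor fields. The following Python script is an added example, not part of the original thread and not FRST's own logic; the indicator rules and the `ExampleUpdater` line are assumptions constructed here for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# The first five lines are Run-key entries copied from the fixlist in the post
# above; the last (ExampleUpdater) is constructed here as a benign contrast.
SAMPLE_LINES = r"""
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Okxzics] => C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe [168750 2016-11-02] (hxxp://lynx.isc.org)
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [AWCworks] => regsvr32.exe C:\Users\Noah\AppData\Local\AWCworks\xqrjanvr.dll <===== ATTENTION
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Emvtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Noah\AppData\Local\Okxzics\cfgccFactory.dll
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [BitTorrent] => C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe [2376392 2016-10-31] (BitTorrent Inc.)
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Windows Performance Monitor] => C:\Users\Noah\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll [5979136 2016-11-02] ()
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2016-01-01] (Example Corp.)
""".strip().splitlines()

# "<hive>[\<SID>]\...\Run: [<value name>] => <rest>"
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\.\\"
    r"(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<rest>.*)$"
)
# "<command>[ [size date]][ (company)][ <===== ATTENTION]"
TAIL = re.compile(
    r"^(?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?"
    r"(?P<attention> <=+ ATTENTION)?$"
)

# Indicator patterns (assumptions made for this example).
LOADER = re.compile(r"(?:^|\\)(?:regsvr32|rundll32)(?:\.exe)?\s+\S", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
URL_LIKE = re.compile(r"h(?:tt|xx)ps?://", re.IGNORECASE)


class RunEntry(NamedTuple):
    name: str
    command: str
    company: Optional[str]  # None when the log line carries no "(company)" field
    attention: bool         # True when FRST itself marked the line


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    t = TAIL.match(m.group("rest"))
    return RunEntry(
        name=m.group("name"),
        command=t.group("cmd"),
        company=t.group("company"),
        attention=t.group("attention") is not None,
    )


def triage(entry: RunEntry) -> List[str]:
    """Return the indicators an autorun entry trips, in a fixed order."""
    reasons = []
    if LOADER.search(entry.command):
        # A DLL started through a signed Windows binary at every logon.
        reasons.append("dll-via-loader")
    if USER_WRITABLE.search(entry.command):
        # Target lives where an unprivileged process can drop files.
        reasons.append("user-writable-path")
    if entry.company is not None and (
        not entry.company.strip() or URL_LIKE.match(entry.company)
    ):
        # Version-info company field is empty or holds a URL.
        reasons.append("odd-vendor-field")
    if entry.attention:
        reasons.append("frst-attention")
    return reasons


def report(lines: List[str]) -> Dict[str, List[str]]:
    """Map each Run value name to its indicators; non-Run lines are skipped."""
    result = {}
    for line in lines:
        entry = parse_run_line(line)
        if entry is not None:
            result[entry.name] = triage(entry)
    return result


if __name__ == "__main__":
    ranked = sorted(report(SAMPLE_LINES).items(), key=lambda kv: -len(kv[1]))
    for name, reasons in ranked:
        print(f"{len(reasons)}  {name:30} {', '.join(reasons) or 'no indicators'}")
```

The BitTorrent entry trips only the path indicator, which shows why a single indicator is a prompt for review and not a verdict.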


#6 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:51 AM

Posted 12 November 2016 - 09:43 PM

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.



#7 Haagendaz

Haagendaz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 14 November 2016 - 08:03 PM

Yes, I am here. Will perform the scan now. Thank you.



#8 Haagendaz

Haagendaz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 15 November 2016 - 01:19 AM

Hey Ray.  

More technical difficulties.
 
www.bleepingcomputer.com won't allow me to post the files you requested in the message field. 

The fixlog.txt is "too long". 
 
Please advise. 


#9 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:51 AM

Posted 15 November 2016 - 01:40 AM

Post it into two or more consecutive posts.

 

Ray




#10 Haagendaz

Haagendaz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 15 November 2016 - 02:57 AM

fixlog.txt   

 

http://www.bleepstatic.com/fhost/uploads/5/fixlog.txt


Edited by LiquidTension, 15 November 2016 - 03:21 AM.
Fixlog.txt uploaded due to size of file. See link above.


#11 Haagendaz

Haagendaz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 15 November 2016 - 03:06 AM

ADDITION.TXT

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Noah (14-11-2016 20:13:06)
Running from C:\Users\Noah\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-12-14 08:27:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3861468753-2686166107-4350438-500 - Administrator - Disabled)
Guest (S-1-5-21-3861468753-2686166107-4350438-501 - Limited - Disabled)
Noah (S-1-5-21-3861468753-2686166107-4350438-1000 - Administrator - Enabled) => C:\Users\Noah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nView 148.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.03 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Questrade IQ Edge (HKLM-x32\...\{B50F973A-8BEC-4A5D-AFEE-E4AEDAA150BD}_is1) (Version: 5.1.6.1 - Questrade Inc.)
Questrade IQ Edge Practice (HKLM-x32\...\{B50F975A-7BEC-3A6D-AFEE-E4AEDAA153BD}_is1) (Version: 5.1.6.1 - Questrade Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2162ACAE-0B16-4B2C-8D35-7C80EDA4FA19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
Task: {4814A671-78E9-4075-912F-065C04574825} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {82DF169B-A9D0-48DF-BF9B-62B09F07F2B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {876C385F-33AC-415C-B2AE-A0E906868D70} - System32\Tasks\{DF0FB665-F755-46BD-963F-EB7D195A3CAB} => pcalua.exe -a "C:\Users\Noah\Desktop\fxTrade (1).exe" -d C:\Users\Noah\Desktop
Task: {8C76AD86-C8B1-47A4-A41E-2FCFE52A0532} - System32\Tasks\{6B6B376F-3777-43C3-BBB0-6C5C0228A838} => pcalua.exe -a "C:\Users\Noah\Desktop\HijackThis (1).exe" -d C:\Users\Noah\Desktop
Task: {B3966570-D5AD-4303-9BC6-B11C5FF53477} - System32\Tasks\{1646E144-1B52-4504-8852-89F2E1ADA8D0} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\DirectX\D3D11Install.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\DirectX"
Task: {C85AAE3A-C544-4D84-9C41-01FA89B1E81D} - System32\Tasks\NordVPN Client auto-start => C:\Program Files\NordVPN\NordVPN Client.exe [2016-09-30] (NordVPN Inc.)
Task: {E761F48A-5045-43E4-93DE-C5B1AF71771A} - System32\Tasks\{E83ED54B-D288-46B5-8467-D18CED0E3325} => pcalua.exe -a "C:\Users\Noah\Desktop\fxTrade (3).exe" -d C:\Users\Noah\Desktop
Task: {F009B8E6-EB8F-4C97-88ED-6D55A9823233} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
Task: {F593962E-113B-4973-B760-61A66C6DF521} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App (by STANDS).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble

==================== Loaded Modules (Whitelisted) ==============

2016-11-07 05:50 - 2016-10-22 01:04 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-14 03:49 - 2011-12-14 20:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2015-12-14 03:49 - 2011-12-14 20:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2016-10-21 16:18 - 2016-10-20 03:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-21 16:18 - 2016-10-20 03:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2015-12-14 03:49 - 2011-12-14 13:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2015-12-14 03:49 - 2011-12-14 13:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-12-02 11:58 - 2015-11-16 13:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.


There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-12-14 01:37 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15463 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3861468753-2686166107-4350438-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupreg: BitTorrent => "C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Okxzics => C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Performance Monitor => rundll32.exe "C:\Users\Noah\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94132134-EA30-475C-B4E8-B6820E837C7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C973F1D8-85AA-453B-B572-81D69A98873C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E900818C-AB6E-49DE-AE89-087E827931D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2D15F82-626A-4273-9F47-6965864B65C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{516E53D5-E0C4-42D1-B47D-D744A50CD65A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08FE4277-BAD8-416B-821C-1335677F4721}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0F5E1D63-3991-48FD-ABE2-B6C0D7B02872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{7DDD996B-838A-47DD-87A1-0BFBD14B2C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{F969D7CD-00CD-4C88-B407-1CCD2B287EDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{CC69C5B6-870C-49C8-84BA-7A38CE4D1BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1B138619-D96A-4632-B491-BBDC6F3857BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F97E315E-07F7-44E5-8DCE-B8E71A5F45C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{49471CEC-2B97-4229-AAD7-41DA388C5608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CDBA3D55-0E41-48A5-9B0B-6C721D9AACC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5575CD89-AC6F-42D1-905D-7504F692E8D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{221F484D-F49C-4AAD-8182-F9206FCECD9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A4BB0F96-E133-4FCE-AE34-1DD864CC8E75}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{6700ACF1-3755-4E45-9EA3-C3A3E8D38400}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{EB7D279F-A2A4-475F-8890-F225C35F46DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97EB50F8-48D3-45CD-BEDE-32EF3F870829}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

01-11-2016 02:48:51 Windows Update
02-11-2016 01:13:53 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
03-11-2016 21:43:02 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
03-11-2016 22:25:48 Windows Update
03-11-2016 23:37:56 Windows Update
11-11-2016 08:59:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2016 10:51:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2016 10:20:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2016 12:28:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 11:17:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 07:59:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 07:01:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 06:27:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 06:26:22 AM) (Source: NVWMI) (EventID: 3) (User: )
Description: RegisterProvider: failed - (null) (0xFFFFFFFA)

Error: (11/07/2016 06:05:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2016 05:49:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (11/09/2016 10:19:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:42:01 PM on ‎11/‎9/‎2016 was unexpected.

Error: (11/08/2016 12:27:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:31:44 AM on ‎11/‎8/‎2016 was unexpected.

Error: (11/07/2016 11:15:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:16:51 PM on ‎11/‎7/‎2016 was unexpected.

Error: (11/07/2016 06:59:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:45:10 AM on ‎11/‎7/‎2016 was unexpected.

Error: (11/07/2016 06:44:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:35:06 AM on ‎11/‎7/‎2016 was unexpected.

Error: (11/05/2016 01:49:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:45:08 AM on ‎11/‎5/‎2016 was unexpected.

Error: (11/03/2016 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/03/2016 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/03/2016 11:32:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/03/2016 11:32:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5620 @ 2.40GHz
Percentage of memory in use: 12%
Total physical RAM: 24573.55 MB
Available physical RAM: 21567.8 MB
Total Virtual: 49145.29 MB
Available Virtual: 46128.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:190.11 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 365F7EB8)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 365F7EAF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Noah (administrator) on NOAH-PC (14-11-2016 20:12:27)
Running from C:\Users\Noah\Desktop
Loaded Profiles: Noah (Available Profiles: Noah)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Noah\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2098232 2016-10-22] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Emvtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Noah\AppData\Local\Okxzics\cfgccFactory.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-12-14]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48E38C31-FD78-4F3A-91AF-BB1A49B789F4}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{48E38C31-FD78-4F3A-91AF-BB1A49B789F4}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{723ED7DC-4EB6-4979-A561-36A73F7CCC30}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE8CDCF8-94CE-4ECF-99C3-F824ECE08638}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{DE8CDCF8-94CE-4ECF-99C3-F824ECE08638}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE12&ocid=UE12DHP
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: b84nzi84.default
FF ProfilePath: C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\b84nzi84.default [2016-11-14]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\b84nzi84.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-05-15]
FF Extension: (Tabular Data Control) - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\b84nzi84.default\Extensions\{333C5D90-9F89-EA41-8454-6105BDD88F4B} [2016-11-01] [not signed]
FF Extension: (Flashblock) - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\b84nzi84.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-02-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-23] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: questrade.com/QuestradeIQEdgeDetector -> C:\Program Files (x86)\Questrade IQ Edge\npQuestradeIQEdgeDetector.dll [2016-06-28] (Questrade Inc)

Chrome:
=======
CHR Profile: C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default [2016-11-14]
CHR Extension: (Google Drive) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-21]
CHR Extension: (Rapport) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-06-21]
CHR Extension: (YouTube) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-21]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-08-17]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-07-16]
CHR Extension: (Docs Online Viewer) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpljdlgcdkljlppaekciacdmdlhfeon [2016-09-24]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-21]
CHR Extension: (Gmail) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKU\S-1-5-21-3861468753-2686166107-4350438-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4167224 2016-10-22] (NVIDIA Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 20:12 - 2016-11-14 20:12 - 02411520 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (2).exe
2016-11-14 20:12 - 2016-11-14 20:12 - 00011533 _____ C:\Users\Noah\Desktop\FRST.txt
2016-11-14 20:11 - 2016-11-14 20:11 - 02411520 _____ (Farbar) C:\Users\Noah\Desktop\FRST64 (1).exe
2016-11-14 20:07 - 2016-11-14 20:07 - 00000000 ____D C:\Users\Noah\Downloads\FRST-OlderVersion
2016-11-07 07:13 - 2016-11-07 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-07 07:12 - 2016-10-22 01:04 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-07 07:12 - 2016-10-22 01:04 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-07 07:12 - 2016-10-22 00:22 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-07 07:12 - 2016-09-09 13:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-11-07 07:12 - 2016-09-09 13:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-11-07 07:12 - 2016-09-09 13:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-11-07 07:12 - 2016-09-09 13:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-11-07 07:11 - 2016-10-22 00:33 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-11-07 07:10 - 2016-10-22 02:20 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 35224120 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 34701368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 28136504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 17426520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 17338976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 14394528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 14017984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-07 07:10 - 2016-10-22 02:20 - 10910184 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 10772640 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 10324072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 09112272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 08912488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 08715728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 03627968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 03469408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 03193400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437563.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437563.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 01037368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-07 07:10 - 2016-10-22 02:20 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-07 07:10 - 2016-10-22 02:20 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-07 05:50 - 2016-10-22 02:20 - 04167224 _____ (NVIDIA Corporation) C:\Windows\system32\nvwmi64.exe
2016-11-07 05:50 - 2016-10-22 02:20 - 00009472 _____ C:\Windows\system32\nvPerfProvider.man
2016-11-07 05:50 - 2016-10-22 01:04 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-07 05:50 - 2016-10-22 01:04 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-07 05:50 - 2016-10-22 01:04 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-07 05:50 - 2016-10-22 01:04 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-07 05:50 - 2016-10-22 01:04 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-07 05:50 - 2016-10-21 02:17 - 07500035 _____ C:\Windows\system32\nvcoproc.bin
2016-11-07 05:49 - 2016-10-22 02:20 - 00215608 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-07 05:49 - 2016-10-22 02:20 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-07 05:42 - 2016-10-22 02:20 - 19917400 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-07 05:42 - 2016-10-22 02:20 - 03930688 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-07 05:42 - 2016-10-22 02:20 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-11-07 05:42 - 2016-10-18 09:53 - 01908088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434200.dll
2016-11-07 05:42 - 2016-10-18 09:53 - 01557552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434200.dll
2016-11-07 05:38 - 2016-11-07 05:38 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2016-11-07 05:38 - 2016-11-07 05:38 - 00000000 ____D C:\Users\Noah\Downloads\USBVaccineSetup50a
2016-11-07 05:38 - 2016-11-07 05:38 - 00000000 ____D C:\ProgramData\Panda Security
2016-11-07 05:38 - 2016-11-07 05:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-11-07 05:38 - 2016-11-07 05:38 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2016-11-07 05:32 - 2016-11-07 05:33 - 00839099 _____ C:\Users\Noah\Downloads\USBVaccineSetup50a (1).zip
2016-11-07 05:32 - 2016-11-07 05:32 - 00839099 _____ C:\Users\Noah\Downloads\USBVaccineSetup50a.zip
2016-11-07 04:57 - 2016-11-07 05:41 - 216192096 _____ (NVIDIA Corporation) C:\Users\Noah\Downloads\342.00-quadro-grid-desktop-notebook-win8-win7-64bit-international-whql.exe
2016-11-07 04:14 - 2016-11-07 04:14 - 00000000 ____D C:\Users\Noah\AppData\Local\CrashDumps
2016-11-05 02:27 - 2016-10-22 02:20 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-05 02:27 - 2016-10-22 02:20 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-05 02:26 - 2016-11-05 02:26 - 00000000 ____D C:\NVIDIA
2016-11-05 01:54 - 2016-11-05 02:25 - 269320176 _____ (NVIDIA Corporation) C:\Users\Noah\Downloads\375.63-quadro-grid-desktop-notebook-win8-win7-64bit-international-whql.exe
2016-11-04 23:00 - 2016-11-04 23:00 - 00159191 _____ C:\Users\Noah\Downloads\CFE_VIX_Futures_Trading_Strategies (1).pdf
2016-11-04 22:57 - 2016-11-04 22:57 - 00159191 _____ C:\Users\Noah\Downloads\CFE_VIX_Futures_Trading_Strategies.pdf
2016-11-04 05:44 - 2016-11-04 05:44 - 00076392 _____ C:\Users\Noah\Downloads\39435.pdf
2016-11-04 00:55 - 2016-11-04 00:55 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-04 00:53 - 2016-11-04 00:53 - 00243520 _____ C:\Users\Noah\Downloads\Firefox Setup Stub 49.0.2.exe
2016-11-04 00:30 - 2016-11-04 00:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-04 00:30 - 2016-11-04 00:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-04 00:30 - 2016-11-04 00:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-04 00:27 - 2016-11-04 00:28 - 13165792 _____ (Microsoft Corporation) C:\Users\Noah\Downloads\Silverlight_x64.exe
2016-11-03 23:37 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-11-03 23:37 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-11-03 23:27 - 2016-11-03 23:27 - 00000000 ____D C:\Users\Noah\AppData\LocalLow\BitTorrent
2016-11-03 22:54 - 2016-11-04 04:55 - 00000000 ____D C:\Users\Noah\Desktop\Questrade related
2016-11-03 22:53 - 2016-11-03 23:01 - 00000000 ____D C:\Users\Noah\Desktop\green
2016-11-03 21:42 - 2016-11-10 06:27 - 00000000 ____D C:\Users\Noah\Documents\Questrade IQ Edge
2016-11-03 21:42 - 2016-11-03 21:42 - 00001061 _____ C:\Users\Public\Desktop\Questrade IQ Edge.lnk
2016-11-03 21:42 - 2016-11-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Questrade IQ Edge
2016-11-03 21:42 - 2016-11-03 21:42 - 00000000 ____D C:\Program Files (x86)\Questrade IQ Edge
2016-11-03 21:38 - 2016-11-03 21:39 - 19220888 _____ (Questrade Inc. ) C:\Users\Noah\Downloads\QuestradeIQEdge.exe
2016-11-02 02:05 - 2016-11-10 06:27 - 00000000 ____D C:\Users\Noah\AppData\Roaming\Questrade
2016-11-02 01:16 - 2016-11-04 01:53 - 00000000 ____D C:\Users\Noah\Documents\Questrade IQ Edge Practice
2016-11-02 01:13 - 2016-11-02 01:13 - 00001164 _____ C:\Users\Public\Desktop\Questrade IQ Edge Practice.lnk
2016-11-02 01:13 - 2016-11-02 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Questrade IQ Edge Practice
2016-11-02 01:13 - 2016-11-02 01:13 - 00000000 ____D C:\Program Files (x86)\Questrade IQ Edge Practice
2016-11-02 01:05 - 2016-11-02 01:06 - 18936744 _____ (Questrade Inc. ) C:\Users\Noah\Downloads\QuestradeIQEdgePractice.exe
2016-11-01 23:42 - 2016-11-13 22:50 - 00000000 ____D C:\Users\Noah\AppData\Local\Okxzics
2016-11-01 23:42 - 2016-11-02 20:48 - 00000000 ____D C:\Users\Noah\AppData\Local\AWCworks
2016-11-01 23:41 - 2016-11-02 20:51 - 00000000 ___HD C:\Users\Noah\AppData\Local\SysHashTable
2016-11-01 02:48 - 2016-09-30 15:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-01 02:48 - 2016-09-30 14:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-01 02:48 - 2016-09-30 10:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-01 02:48 - 2016-09-30 10:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-01 02:48 - 2016-09-30 10:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-01 02:48 - 2016-09-30 02:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-01 02:48 - 2016-09-30 01:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-01 02:48 - 2016-09-30 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-01 02:48 - 2016-09-30 01:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-01 02:48 - 2016-09-30 01:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-01 02:48 - 2016-09-30 01:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-01 02:48 - 2016-09-30 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-01 02:48 - 2016-09-30 01:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-01 02:48 - 2016-09-30 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-01 02:48 - 2016-09-30 01:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-01 02:48 - 2016-09-30 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-01 02:48 - 2016-09-30 01:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-01 02:48 - 2016-09-30 01:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-01 02:48 - 2016-09-30 01:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-01 02:48 - 2016-09-30 01:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-01 02:48 - 2016-09-30 01:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-01 02:48 - 2016-09-30 01:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-01 02:48 - 2016-09-30 01:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-01 02:48 - 2016-09-30 01:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-01 02:48 - 2016-09-30 00:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-01 02:48 - 2016-09-30 00:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-01 02:48 - 2016-09-30 00:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-01 02:48 - 2016-09-30 00:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-01 02:48 - 2016-09-30 00:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-01 02:48 - 2016-09-30 00:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-01 02:48 - 2016-09-30 00:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-01 02:48 - 2016-09-30 00:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-01 02:48 - 2016-09-30 00:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-01 02:48 - 2016-09-30 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-01 02:48 - 2016-09-30 00:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-01 02:48 - 2016-09-30 00:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-01 02:48 - 2016-09-30 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-01 02:48 - 2016-09-30 00:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-01 02:48 - 2016-09-30 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-01 02:48 - 2016-09-30 00:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-01 02:48 - 2016-09-30 00:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-01 02:48 - 2016-09-30 00:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-01 02:48 - 2016-09-30 00:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-01 02:48 - 2016-09-30 00:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-01 02:48 - 2016-09-30 00:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-01 02:48 - 2016-09-30 00:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-01 02:48 - 2016-09-30 00:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-01 02:48 - 2016-09-30 00:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-01 02:48 - 2016-09-30 00:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-01 02:48 - 2016-09-30 00:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-01 02:48 - 2016-09-30 00:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-01 02:48 - 2016-09-30 00:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-01 02:48 - 2016-09-30 00:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-01 02:48 - 2016-09-30 00:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-01 02:48 - 2016-09-30 00:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-01 02:48 - 2016-09-30 00:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-01 02:48 - 2016-09-30 00:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-01 02:48 - 2016-09-30 00:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-01 02:48 - 2016-09-30 00:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-01 02:48 - 2016-09-30 00:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-01 02:48 - 2016-09-30 00:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-01 02:48 - 2016-09-30 00:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-01 02:48 - 2016-09-30 00:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-01 02:48 - 2016-09-30 00:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-01 02:48 - 2016-09-30 00:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-01 02:48 - 2016-09-29 23:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-01 02:48 - 2016-09-29 23:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-01 02:48 - 2016-09-29 23:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-01 02:48 - 2016-09-29 23:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-01 02:48 - 2016-09-15 10:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-01 02:48 - 2016-09-15 10:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-01 02:48 - 2016-09-15 10:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-01 02:48 - 2016-09-15 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-01 02:48 - 2016-09-12 16:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-01 02:48 - 2016-09-12 16:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-01 02:48 - 2016-09-12 16:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-01 02:48 - 2016-09-12 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-01 02:48 - 2016-09-12 15:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-01 02:48 - 2016-09-12 15:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-01 02:48 - 2016-09-12 15:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-01 02:48 - 2016-09-12 15:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-01 02:48 - 2016-09-12 15:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-01 02:48 - 2016-09-12 15:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-01 02:48 - 2016-09-12 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-01 02:48 - 2016-09-12 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-01 02:48 - 2016-09-12 15:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-01 02:48 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-11-01 02:48 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-11-01 02:48 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-11-01 02:48 - 2016-09-10 11:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-01 02:48 - 2016-09-10 10:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-01 02:48 - 2016-09-09 13:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-01 02:48 - 2016-09-09 13:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-01 02:48 - 2016-09-09 13:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 13:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-01 02:48 - 2016-09-09 13:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-01 02:48 - 2016-09-09 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-01 02:48 - 2016-09-09 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-01 02:48 - 2016-09-09 13:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-01 02:48 - 2016-09-09 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-01 02:48 - 2016-09-09 12:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-01 02:48 - 2016-09-09 12:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-01 02:48 - 2016-09-09 12:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-01 02:48 - 2016-09-09 12:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-01 02:48 - 2016-09-09 12:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-01 02:48 - 2016-09-09 12:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-01 02:48 - 2016-09-09 12:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-01 02:48 - 2016-09-09 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-01 02:48 - 2016-09-09 12:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-01 02:48 - 2016-09-09 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-01 02:48 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-11-01 02:48 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-11-01 02:48 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-11-01 02:48 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-11-01 02:48 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-11-01 02:48 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-11-01 02:47 - 2016-09-12 16:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-11-01 02:47 - 2016-09-12 16:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-11-01 02:47 - 2016-09-09 10:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-31 21:41 - 2016-11-04 00:07 - 00000000 ____D C:\Users\Noah\Downloads\Hillarys America 2016
2016-10-31 21:41 - 2016-10-31 22:19 - 838860800 ____R C:\Users\Noah\Desktop\Hillarys America 2016.avi
2016-10-31 21:41 - 2016-10-31 21:41 - 00033026 _____ C:\Users\Noah\Downloads\Hillarys America 2016.torrent
2016-10-31 20:54 - 2016-11-04 00:10 - 00000000 ____D C:\Users\Noah\AppData\Roaming\BitTorrent
2016-10-31 20:54 - 2016-10-31 20:54 - 02376392 _____ (BitTorrent Inc.) C:\Users\Noah\Downloads\BitTorrent.exe
2016-10-27 11:50 - 2016-11-02 20:47 - 00269152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-26 19:03 - 2016-10-26 19:03 - 00059184 _____ C:\Users\Noah\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-24 08:57 - 2016-10-24 08:58 - 63235648 _____ (Oracle Corporation) C:\Users\Noah\Downloads\jre-8u111-windows-x64.exe
2016-10-16 21:04 - 2016-11-02 21:48 - 00000000 ____D C:\Users\Noah\Desktop\trading vids

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 20:12 - 2016-10-03 22:24 - 00000000 ____D C:\FRST
2016-11-14 20:07 - 2016-10-03 22:23 - 02411520 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe
2016-11-14 19:15 - 2016-06-21 13:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 18:15 - 2016-06-21 13:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 05:10 - 2015-12-14 02:35 - 00000000 ____D C:\Users\Noah\.oanda
2016-11-14 03:31 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 03:31 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 22:56 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 22:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-13 22:50 - 2015-12-14 06:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-13 22:50 - 2015-12-14 00:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 22:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-08 12:28 - 2016-03-30 01:06 - 00000000 ____D C:\Users\Noah\.oracle_jre_usage
2016-11-07 07:13 - 2015-12-14 06:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 07:11 - 2015-12-14 06:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-07 06:27 - 2015-12-14 06:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-07 05:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-11-04 00:55 - 2015-12-14 01:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-03 22:58 - 2016-09-30 01:21 - 00000000 ____D C:\Users\Noah\Desktop\iphone backup
2016-11-03 22:28 - 2016-07-31 21:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-03 07:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-02 21:11 - 2016-10-03 22:25 - 00027005 _____ C:\Users\Noah\Downloads\Addition.txt
2016-11-02 21:11 - 2016-10-03 22:24 - 00047496 _____ C:\Users\Noah\Downloads\FRST.txt
2016-11-02 20:48 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-02 20:41 - 2015-12-14 14:51 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-02 20:41 - 2015-12-14 14:51 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-02 08:56 - 2016-05-02 23:30 - 00000000 ____D C:\Users\Noah\AppData\Local\JxBrowser
2016-11-02 01:14 - 2016-07-31 21:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-01 23:35 - 2016-06-20 21:00 - 00000000 ____D C:\Users\Noah\AppData\Roaming\vlc
2016-11-01 02:54 - 2015-12-14 06:35 - 00000000 ____D C:\Windows\system32\MRT
2016-11-01 02:50 - 2015-12-14 06:34 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-31 23:29 - 2015-12-13 21:41 - 00000000 ____D C:\Users\Noah\Desktop\Desktop Trading
2016-10-28 12:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-10-28 00:03 - 2015-12-14 00:56 - 00000000 ____D C:\Users\Noah\AppData\Local\Google
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-24 09:01 - 2016-06-20 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 09:01 - 2016-06-20 21:16 - 00000000 ____D C:\Program Files\Java
2016-10-24 09:00 - 2016-06-20 21:16 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-24 08:53 - 2015-12-14 04:22 - 00007621 _____ C:\Users\Noah\AppData\Local\Resmon.ResmonCfg
2016-10-22 02:20 - 2016-09-23 22:09 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-21 16:18 - 2016-06-21 14:00 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-21 16:18 - 2016-06-21 14:00 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-16 23:14 - 2016-07-21 00:45 - 00000000 ____D C:\Users\Noah\Desktop\Trading Video Commentary

==================== Files in the root of some directories =======

2015-12-14 04:22 - 2016-10-24 08:53 - 0007621 _____ () C:\Users\Noah\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Noah\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-14 00:24

==================== End of FRST.txt ============================



#12 RayS

Posted 16 November 2016 - 06:41 AM

Hi Haagendaz,

Thank you for the logs.

A reminder

  • Please do not try to fix anything or make changes to your system's configuration/settings without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • Perform my instructions in the order as given.


Download and run RKill

 

Let's run RKill which is a tool that terminates malicious processes that may interfere with normal operations.

Please download RKill by Grinler and save it to your desktop. 

  • Link 1
  • Link 2
  • Double-click on the RKill desktop icon to run the tool.
  • If using Vista/Windows7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and it indicates that the tool ran successfully.
  • If RKill doesn't run, delete the file, then download and use the one provided in Link 2.
  • If RKill still doesn't run, delete that file and download again from Link 1. Repeat this process using alternate links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know how many times you downloaded RKill.
  • Do not reboot the computer. (If you reboot, that will make the next tool less effective.)
  • Rkill will produce a log. Please copy and paste the contents of Rkill.txt into your reply.



Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

CloseProcesses:
CreateRestorePoint:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Emvtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Noah\AppData\Local\Okxzics\cfgccFactory.dll
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
2016-11-01 23:42 - 2016-11-13 22:50 - 00000000 ____D C:\Users\Noah\AppData\Local\Okxzics
2016-11-01 23:42 - 2016-11-02 20:48 - 00000000 ____D C:\Users\Noah\AppData\Local\AWCworks
2016-11-01 23:41 - 2016-11-02 20:51 - 00000000 ___HD C:\Users\Noah\AppData\Local\SysHashTable
2016-10-31 20:54 - 2016-11-04 00:10 - 00000000 ____D C:\Users\Noah\AppData\Roaming\BitTorrent
2016-10-31 20:54 - 2016-10-31 20:54 - 02376392 _____ (BitTorrent Inc.) C:\Users\Noah\Downloads\BitTorrent.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Okxzics => C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe
MSCONFIG\startupreg: Windows Performance Monitor => rundll32.exe "C:\Users\Noah\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall
File: C:\Windows\System32\drivers\dcrypt.sys

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.
 

 

Rescan with Farbar Recovery Scan Tool

 

Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.


In your next reply...


  • Copy and paste the contents of Rkill.txt into the body of your message.
  • Copy and paste the contents of Fixlog.txt into the body of your message.
  • Copy and paste the contents of FRST.txt and Addition.txt into the body of your message.
  • Has the performance of video playback improved?

Regards,

Ray



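Added example, not part of the post above and not FRST's own logic: a small Python triage pass over startup entries written in the two shapes that appear in the fixlist (`...\Run: [Name] => command` and `MSCONFIG\startupreg: Name => command`). It reports entries whose target file sits under a user's AppData folder and notes when the file is loaded through regsvr32 or rundll32. The rule itself and the names `triage` and `SAMPLE` are assumptions of this example; the `ExampleApp` line is constructed, the other sample lines are copied from the fixlist.

```python
import re

# Startup-entry shapes seen in the fixlist:
#   HKU\<SID>\...\Run: [Name] => <command>
#   MSCONFIG\startupreg: Name => <command>
ENTRY = re.compile(
    r'^(?:HK\w+\\.*?\\Run|MSCONFIG\\startupreg): '
    r'\[?(?P<name>[^\]=]+?)\]? => (?P<cmd>.+)$')
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.I)       # full exe/dll paths
LOADER = re.compile(r'\b(regsvr32|rundll32)(?:\.exe)?\b', re.I)   # Windows DLL hosts
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)   # per-user, no admin needed

def triage(lines):
    """Return (name, target, loader) for autoruns that start a file from AppData."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue                      # not a startup entry (driver, file, folder line)
        paths = PATH.findall(m['cmd'])
        if not paths:
            continue
        target = paths[-1]                # last path is the payload, after any loader
        if not USER_WRITABLE.search(target):
            continue                      # e.g. Program Files: needs admin rights to write
        loader = LOADER.search(m['cmd'])
        findings.append((m['name'], target,
                         loader.group(1).lower() if loader else None))
    return findings

SAMPLE = [
    r'HKU\S-1-5-21-3861468753-2686166107-4350438-1000\...\Run: [Emvtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Noah\AppData\Local\Okxzics\cfgccFactory.dll',
    r'MSCONFIG\startupreg: BitTorrent => "C:\Users\Noah\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED',
    r'MSCONFIG\startupreg: Okxzics => C:\Users\Noah\AppData\Local\Okxzics\tmp7D95.exe',
    r'MSCONFIG\startupreg: Windows Performance Monitor => rundll32.exe "C:\Users\Noah\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall',
    r'U0 Partizan; system32\drivers\Partizan.sys [X]',
    r'HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\app.exe',  # constructed
]

if __name__ == '__main__':
    for name, target, loader in triage(SAMPLE):
        print(f'{name}: {target} (via {loader or "direct start"})')
```

A hit only means the entry starts something from a location a standard user can write to; legitimately installed per-user software such as the BitTorrent client is reported too, so each hit still needs a look at the file itself.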

#13 RayS

Posted 19 November 2016 - 12:24 PM

Hi Haagendaz,

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • In future, if you will need more than three days to respond, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Thank you,
 
Ray


Edited by RayS, 19 November 2016 - 12:29 PM.



#14 LiquidTension

  • Malware Response Team

Posted 23 November 2016 - 10:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.