Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Virus with black screen asking for OS key

This is a discussion on Virus with black screen asking for OS key within the Resolved HJT Threads forums, part of the Tech Support Forum category. Tried restarting in safe mode and still gives me the same screen after signing in. Can open task manager with


 
 
Thread Tools Search this Thread
Old 05-03-2016, 01:15 PM   #1
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



Tried restarting in safe mode and still gives me the same screen after signing in. Can open task manager with ctrl-alt-del. Cpu running at 100%. Programs taking up cpu usage are as follows...Oalespah and Vulfuoodx a few other programs keep opening and closing quickly can read them fast enough.
Attached Thumbnails
Click image for larger version

Name:	1462306147727-954064806_1462306196714.jpg
Views:	104
Size:	81.7 KB
ID:	280426  
Jaraxel89 is offline  
Sponsored Links
Advertisement
 
Old 05-03-2016, 01:20 PM   #2
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10


Also a Wiindows.exe opens as well.
Attached Thumbnails
Click image for larger version

Name:	1462306699806-1534943263_1462306721068.jpg
Views:	114
Size:	164.2 KB
ID:	280434  
Jaraxel89 is offline  
Old 05-07-2016, 09:24 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Print out these instructions to use while in the Recovery Environment or read off another computer:

You will need a USB drive for these instructions, and another computer.

You will also need to be able to boot to Command Prompt within the Recovery Environment on the infected computer using these instructions:

Three Ways to Access the Windows 8 or 10 Boot Options Menu

If you are unable to boot to Command Prompt within the Advanced Options menu, stop here and let me know.

------------------------------------------------------

Download Farbar Recovery Scan Tool x64 and save it to a USB drive on another computer.

Plug the USB drive into the infected PC.
  • Reboot your computer.
  • Using the previous instructions, enter the Advanced Options menu and select Command Prompt
  • In the command window type in Notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your USB drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your USB drive.
  • The tool will start to run.
  • When the tool opens click 'Yes' to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the USB drive.
  • Exit FRST64
  • Type exit then press Enter. Restart your computer.
  • Please copy and paste FRST.txt in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Sponsored Links
Advertisement
 
Old 05-10-2016, 02:05 PM   #4
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



Before seeing this I had downloaded Malwarebytes in safe mode and run the scan deleting what was needed and restarting. Next I downloaded bitdefender and ran scans then deleted things again and restarted. I feel as though it is clean but I still worry it isn't so here is the text you asked me to run.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Tighe (administrator) on DESKTOP-3OFGD0R (10-05-2016 17:00:30)
Running from C:\Users\Tighe\Downloads
Loaded Profiles: Tighe (Available Profiles: Tighe)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Curse) C:\Users\Tighe\AppData\Local\Apps\2.0\5ADAM6CE.KGC\AP1HVXJJ.244\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6927.23501.0_x64__8wekyb3d8bbwe\OHub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6868.57841.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-07-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [4131280 2015-08-05] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1031120 2015-05-18] (MSI)
HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\Run: [Spotify Web Helper] => C:\Users\Tighe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-28] (Spotify Ltd)
Startup: C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-25] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{a4ec6f1d-c285-4b96-8009-5bfe6f536e19}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Tighe\AppData\Roaming\Mozilla\Firefox\Profiles\wiudmzk2.default
FF DefaultSearchEngine.US: Search Module
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Extension: Bitdefender QuickScan - C:\Users\Tighe\AppData\Roaming\Mozilla\Firefox\Profiles\wiudmzk2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-05-03]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-26] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [100816 2015-06-02] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-04-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [364352 2016-04-08] ()
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2016-01-19] (Intel Corporation)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2016-01-19] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2016-01-19] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 17:00 - 2016-05-10 17:00 - 00011861 _____ C:\Users\Tighe\Downloads\FRST.txt
2016-05-10 17:00 - 2016-05-10 17:00 - 00000000 ____D C:\FRST
2016-05-10 16:59 - 2016-05-10 17:00 - 02381312 _____ (Farbar) C:\Users\Tighe\Downloads\FRST64.exe
2016-05-10 16:52 - 2016-05-10 16:52 - 09316520 _____ (Grinding Gear Games) C:\Users\Tighe\Downloads\PathOfExileInstaller.exe
2016-05-03 20:12 - 2016-05-03 20:12 - 00000000 ____D C:\Users\Tighe\Documents\My Games
2016-05-03 19:54 - 2016-05-03 19:54 - 00001937 _____ C:\Users\Tighe\Desktop\My PC.lnk
2016-05-03 19:27 - 2016-05-03 19:27 - 00000000 ____D C:\Users\Tighe\AppData\Temp
2016-05-03 19:23 - 2016-05-03 19:23 - 00408496 _____ C:\ProgramData\1462317681.bdinstall.bin
2016-05-03 19:23 - 2016-05-03 19:23 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2016-05-03 19:23 - 2016-05-03 19:23 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-05-03 19:23 - 2016-05-03 19:23 - 00000385 _____ C:\Users\Tighe\AppData\Roaminguser_gensett.xml
2016-05-03 19:22 - 2016-05-03 19:28 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Bitdefender
2016-05-03 19:22 - 2016-05-03 19:27 - 00002268 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-03 19:22 - 2016-05-03 19:22 - 00253404 ____H C:\bdr-ld01
2016-05-03 19:22 - 2016-05-03 19:22 - 00009216 ____H C:\bdr-ld01.mbr
2016-05-03 19:22 - 2016-05-03 19:22 - 00000684 ____H C:\bdr-cf01
2016-05-03 19:22 - 2016-05-03 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-03 19:22 - 2016-05-03 19:22 - 00000000 ____D C:\ProgramData\BDLogging
2016-05-03 19:22 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-05-03 19:22 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-05-03 19:22 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-05-03 19:22 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im01.gz
2016-05-03 19:22 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-05-03 19:22 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-05-03 19:22 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2016-05-03 19:22 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-05-03 19:21 - 2016-05-03 19:37 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-03 19:21 - 2016-05-03 19:21 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-03 19:21 - 2016-05-03 19:21 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-03 19:21 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-05-03 19:21 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-05-03 19:16 - 2016-05-03 19:16 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-03 19:14 - 2016-05-10 16:17 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-03 19:14 - 2016-05-03 19:14 - 10314888 _____ C:\Users\Tighe\Downloads\bitdefender_tsecurity.exe
2016-05-03 19:11 - 2016-05-10 16:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-03 19:11 - 2016-05-03 19:27 - 00001169 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-03 19:11 - 2016-05-03 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-03 19:11 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-03 19:11 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-03 19:11 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-03 19:10 - 2016-05-03 19:10 - 22851472 _____ (Malwarebytes ) C:\Users\Tighe\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-03 19:07 - 2016-05-03 19:07 - 00000000 ____D C:\Users\Tighe\AppData\Local\Razer_Inc
2016-05-03 19:06 - 2016-05-03 19:20 - 00000000 ____D C:\Program Files (x86)\Razer
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ____D C:\ProgramData\Razer
2016-05-03 18:32 - 2016-05-03 19:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-03 18:32 - 2016-05-03 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-03 18:08 - 2016-05-03 18:08 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-05-03 17:24 - 2016-05-03 17:24 - 00000000 ____D C:\WINDOWS\system32\kof
2016-05-03 17:06 - 2016-05-03 18:27 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\QuickScan
2016-05-03 16:47 - 2016-05-03 16:47 - 00007622 _____ C:\Users\Tighe\AppData\Local\Resmon.ResmonCfg
2016-05-03 16:40 - 2016-05-03 16:40 - 00000000 ____D C:\WINDOWS\system32\suo
2016-05-03 15:22 - 2016-05-03 15:22 - 00000000 ____D C:\WINDOWS\system32\gocg
2016-05-03 15:17 - 2016-05-03 15:17 - 00000000 ____D C:\WINDOWS\system32\qikg
2016-05-03 14:37 - 2016-05-03 18:38 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\WeaagOukau
2016-05-03 14:31 - 2016-05-03 14:47 - 00000000 ____D C:\Users\Tighe\AppData\Local\app
2016-05-03 14:30 - 2016-05-03 14:30 - 00000000 ____D C:\Program Files (x86)\Securid
2016-05-03 14:28 - 2016-05-03 14:28 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-05-03 14:27 - 2016-05-03 18:38 - 00000000 ____D C:\Users\Tighe\AppData\LocalLow\Company
2016-05-03 14:27 - 2016-05-03 14:37 - 00000000 ____D C:\Users\Tighe\AppData\Local\Tempfolder
2016-04-14 12:25 - 2016-05-03 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-14 12:11 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-14 12:11 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 12:11 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-14 12:11 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-14 12:11 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-14 12:11 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-14 12:11 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-14 12:11 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-14 12:11 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-14 12:11 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-14 12:11 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-14 12:11 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-14 12:11 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-14 12:11 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-14 12:11 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-14 12:11 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-14 12:11 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-14 12:11 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-14 12:11 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-14 12:11 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-14 12:11 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-14 12:11 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-14 12:11 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-14 12:11 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-14 12:11 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-14 12:11 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-14 12:11 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-14 12:11 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-14 12:11 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-14 12:11 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-14 12:11 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-14 12:10 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-14 12:10 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-14 12:10 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-14 12:10 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 12:10 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-14 12:10 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-14 12:10 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-14 12:10 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-14 12:10 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-14 12:10 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-14 12:10 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-14 12:10 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-14 12:10 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-14 12:10 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-14 12:10 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-14 12:10 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-14 12:10 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-14 12:10 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-14 12:10 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-14 12:10 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-14 12:10 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-14 12:10 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-14 12:10 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-14 12:10 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-14 12:10 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 12:10 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 12:10 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 12:10 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 12:10 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-14 12:10 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-14 12:10 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-14 12:10 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-14 12:10 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-14 12:10 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-14 12:10 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-14 12:10 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-14 12:10 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-14 12:10 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-14 12:10 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-14 12:10 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-14 12:10 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-14 12:10 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-14 12:10 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-14 12:10 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-14 12:10 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-14 12:10 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-14 12:10 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-14 12:10 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-14 12:10 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-14 12:10 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-14 12:10 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-14 12:10 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-14 12:10 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-14 12:10 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-14 12:10 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-14 12:10 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-14 12:10 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-14 12:10 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-14 12:10 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-14 12:10 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-14 12:10 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-14 12:10 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-14 12:10 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-14 12:10 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-14 12:10 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-14 12:10 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-14 12:10 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-14 12:10 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-14 12:10 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-14 12:10 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-14 12:10 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-14 12:10 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 12:10 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-14 12:10 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-14 12:10 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-14 12:10 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-14 12:10 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-14 12:10 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 12:10 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-14 12:10 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-14 12:10 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-14 12:10 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-14 12:10 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-14 12:10 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-14 12:10 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-14 12:10 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-14 12:10 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-14 12:10 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-14 12:10 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-14 12:10 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-14 12:10 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-14 12:10 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-14 12:10 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-14 12:10 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-14 12:10 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-14 12:10 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-14 12:10 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-14 12:10 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-14 12:10 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-14 12:10 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-14 12:10 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-14 12:10 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-14 12:10 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 12:10 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-14 12:10 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-14 12:10 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-14 12:10 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-14 12:10 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-14 12:10 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-14 12:10 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-14 12:10 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-14 12:10 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-14 12:10 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-14 12:10 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-14 12:10 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-14 12:10 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-14 12:10 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-14 12:10 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-14 12:10 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-14 12:10 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-14 12:10 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-14 12:10 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-14 12:10 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-14 12:10 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-14 12:10 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-14 12:10 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-14 12:10 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-14 12:10 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-14 12:10 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-14 12:10 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 12:10 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 12:10 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-14 12:10 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-14 12:10 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-14 12:10 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-14 12:10 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-14 12:10 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-14 12:10 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-14 12:10 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-14 12:10 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-14 12:10 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-14 12:10 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-14 12:10 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-14 12:10 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-14 12:10 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-14 12:10 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-14 12:10 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-14 12:10 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-14 12:10 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-14 12:10 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-14 12:10 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-14 12:10 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-14 12:10 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-14 12:10 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-14 12:10 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-14 12:10 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-14 12:10 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-14 12:10 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-14 12:10 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-14 12:10 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-14 12:10 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-14 12:10 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-14 12:10 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-14 12:10 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-14 12:10 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-14 12:10 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-14 12:10 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-14 12:10 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-14 12:10 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-14 12:10 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-14 12:10 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-14 12:10 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-14 12:10 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-14 12:10 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-14 12:10 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-14 12:10 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-14 12:10 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-14 12:10 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-14 12:10 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-14 12:10 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-14 12:10 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-14 12:10 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-14 12:10 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-14 12:10 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-14 12:10 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-14 12:10 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-14 12:10 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 12:10 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-14 12:10 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-14 12:10 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-14 12:10 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-14 12:10 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-14 12:10 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-14 12:10 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-14 12:10 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-14 12:10 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-14 12:10 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-14 12:10 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-14 12:10 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-14 12:10 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-14 12:10 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-14 12:10 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-14 12:10 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-14 12:10 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 12:10 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-14 12:10 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 12:10 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-14 12:10 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 12:10 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 12:07 - 2016-04-14 12:08 - 00007575 _____ C:\Users\Tighe\Desktop\Tigheanrnan-Lord.pdf
2016-04-14 11:51 - 2016-05-03 19:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-04-14 11:51 - 2016-04-14 11:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-12 07:20 - 2016-04-12 07:20 - 00095400 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 16:52 - 2016-01-21 21:19 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D3B7733-900E-41F1-A430-143F9B9EB193}
2016-05-10 16:45 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-10 16:44 - 2016-01-19 23:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 16:41 - 2016-01-19 23:22 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 16:38 - 2016-01-28 04:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-10 16:38 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-10 16:38 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-10 16:17 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Local\Deployment
2016-05-10 16:17 - 2016-01-23 07:39 - 00000000 ____D C:\Users\Tighe
2016-05-04 01:45 - 2016-01-19 23:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-03 19:37 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-03 19:27 - 2016-04-04 23:20 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-05-03 19:27 - 2016-04-04 23:20 - 00001252 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2016-05-03 19:27 - 2016-02-04 21:41 - 00001087 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-05-03 19:27 - 2016-02-04 21:41 - 00001081 _____ C:\Users\Tighe\Desktop\Curse.lnk
2016-05-03 19:27 - 2016-02-03 20:17 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-05-03 19:27 - 2016-01-26 03:00 - 00000934 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2016-05-03 19:27 - 2016-01-26 01:30 - 00001158 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-05-03 19:27 - 2016-01-23 23:11 - 00001856 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-03 19:27 - 2016-01-23 23:11 - 00001850 _____ C:\Users\Tighe\Desktop\Spotify.lnk
2016-05-03 19:27 - 2016-01-23 07:40 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-03 19:27 - 2016-01-22 15:45 - 00002128 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-05-03 19:27 - 2016-01-20 03:48 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-05-03 19:27 - 2016-01-20 00:14 - 00001211 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-05-03 19:27 - 2016-01-19 23:33 - 00001030 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-03 19:27 - 2016-01-19 23:25 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-03 19:27 - 2016-01-19 23:21 - 00002134 _____ C:\Users\Public\Desktop\MSI Super Charger.lnk
2016-05-03 19:27 - 2016-01-19 23:10 - 00002365 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-03 19:26 - 2016-01-19 23:10 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 19:26 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-03 19:26 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-05-03 19:24 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-03 19:20 - 2016-01-23 07:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-03 19:19 - 2016-01-23 07:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-03 19:19 - 2016-01-19 23:21 - 00000000 ____D C:\ProgramData\Norton
2016-05-03 19:19 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-03 19:05 - 2016-02-23 14:57 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2016-05-03 19:05 - 2016-02-03 20:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-05-03 19:05 - 2016-01-27 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2016-05-03 19:05 - 2016-01-27 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-05-03 19:05 - 2016-01-26 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
2016-05-03 19:05 - 2016-01-26 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-05-03 19:05 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2016-05-03 19:05 - 2016-01-20 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-05-03 19:05 - 2016-01-20 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-05-03 19:05 - 2016-01-20 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-05-03 19:05 - 2016-01-19 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-03 19:05 - 2016-01-19 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-03 19:05 - 2016-01-19 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-03 19:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-03 19:05 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-03 19:04 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Local\Apps\2.0
2016-05-03 19:04 - 2016-01-19 23:09 - 00000000 ____D C:\Users\Tighe\AppData\Local\Packages
2016-05-03 19:04 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2016-05-03 19:04 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-05-02 21:24 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-02 21:24 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-27 15:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-26 13:19 - 2016-01-19 23:10 - 00000000 ___RD C:\Users\Tighe\OneDrive
2016-04-26 12:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-04-22 03:57 - 2016-01-19 23:23 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-22 01:21 - 2016-01-20 00:15 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-22 01:21 - 2016-01-20 00:14 - 00000000 ____D C:\Users\Tighe\AppData\Local\Battle.net
2016-04-22 00:19 - 2016-01-20 12:53 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-04-22 00:14 - 2016-01-27 03:47 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-22 00:08 - 2016-01-20 00:07 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-15 03:31 - 2016-01-23 07:38 - 00224256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 13:02 - 2016-02-03 21:05 - 00015603 _____ C:\Users\Tighe\Desktop\References.odt

==================== Files in the root of some directories =======

2016-05-03 16:47 - 2016-05-03 16:47 - 0007622 _____ () C:\Users\Tighe\AppData\Local\Resmon.ResmonCfg
2016-05-03 19:23 - 2016-05-03 19:23 - 0408496 _____ () C:\ProgramData\1462317681.bdinstall.bin
2016-01-23 07:38 - 2016-01-23 07:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-10 16:40

==================== End of FRST.txt ============================
Jaraxel89 is offline  
Old 05-10-2016, 07:22 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Jaraxel89. What are your plans for an antivirus?

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

I need to see the Addition.txt log from FRST before we can proceed.

Run FRST64 again, this time making sure the Addition.txt box is ticked before clicking Scan.

Please attach the Addition.txt log to your next reply. Thanks.

------------------------------------------------------

I also need to see the log from MBAM.

Open MBAM > History > Application Logs and open the latest Scan log and post the contents in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-12-2016, 12:34 PM   #6
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



# AdwCleaner v5.116 - Logfile created 12/05/2016 at 15:25:51
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Tighe - DESKTOP-3OFGD0R
# Running from : C:\Users\Tighe\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [715 bytes] - [12/05/2016 15:25:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [776 bytes] - [12/05/2016 15:24:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [859 bytes] ##########
Jaraxel89 is offline  
Old 05-12-2016, 12:35 PM   #7
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Tighe (administrator) on DESKTOP-3OFGD0R (12-05-2016 15:32:56)
Running from C:\Users\Tighe\Downloads
Loaded Profiles: Tighe (Available Profiles: Tighe)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Curse) C:\Users\Tighe\AppData\Local\Apps\2.0\5ADAM6CE.KGC\AP1HVXJJ.244\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-07-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [4131280 2015-08-05] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1031120 2015-05-18] (MSI)
HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\Run: [Spotify Web Helper] => C:\Users\Tighe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-28] (Spotify Ltd)
Startup: C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-25] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{a4ec6f1d-c285-4b96-8009-5bfe6f536e19}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Tighe\AppData\Roaming\Mozilla\Firefox\Profiles\wiudmzk2.default
FF DefaultSearchEngine.US: Search Module
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Extension: Bitdefender QuickScan - C:\Users\Tighe\AppData\Roaming\Mozilla\Firefox\Profiles\wiudmzk2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-05-03]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-26] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [100816 2015-06-02] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-12] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [364352 2016-04-08] ()
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2016-01-19] (Intel Corporation)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2016-01-19] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2016-01-19] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 15:24 - 2016-05-12 15:25 - 00000000 ____D C:\AdwCleaner
2016-05-12 15:24 - 2016-05-12 15:24 - 03640384 _____ C:\Users\Tighe\Downloads\AdwCleaner.exe
2016-05-11 00:06 - 2016-05-12 15:25 - 00001571 _____ C:\bdlog.txt
2016-05-10 18:00 - 2016-05-11 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-10 17:11 - 2016-05-10 17:11 - 00002206 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2016-05-10 17:11 - 2016-05-10 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2016-05-10 17:11 - 2016-05-10 17:11 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2016-05-10 17:00 - 2016-05-12 15:32 - 00011209 _____ C:\Users\Tighe\Downloads\FRST.txt
2016-05-10 17:00 - 2016-05-12 15:32 - 00000000 ____D C:\FRST
2016-05-10 17:00 - 2016-05-10 17:01 - 00033421 _____ C:\Users\Tighe\Downloads\Addition.txt
2016-05-10 16:59 - 2016-05-10 17:00 - 02381312 _____ (Farbar) C:\Users\Tighe\Downloads\FRST64.exe
2016-05-10 16:52 - 2016-05-10 17:11 - 09316520 _____ (Grinding Gear Games) C:\Users\Tighe\Downloads\PathOfExileInstaller.exe
2016-05-10 16:27 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 16:27 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 16:27 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 16:27 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 16:27 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 16:27 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 16:27 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 16:27 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 16:27 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 16:27 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 16:27 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 16:27 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 16:27 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 16:27 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 16:27 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 16:27 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 16:27 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 16:27 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 16:27 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 16:27 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 16:27 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 16:27 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 16:27 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 16:27 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 16:27 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 16:27 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 16:27 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 16:27 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 16:27 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 16:27 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 16:27 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 16:27 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 16:27 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 16:27 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 16:27 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 16:27 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 16:27 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 16:27 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 16:27 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 16:27 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 16:27 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 16:27 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 16:27 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 16:27 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 16:27 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 16:27 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 16:27 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 16:27 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 16:27 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 16:27 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 16:27 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 16:27 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 16:27 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 16:27 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 16:27 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 16:27 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 16:27 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 16:27 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 16:27 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 16:27 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 16:27 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 16:27 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 16:27 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 16:27 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 16:27 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 16:27 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 16:27 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 16:27 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 16:27 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 16:27 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 16:27 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 16:27 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 16:27 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 16:27 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 16:27 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 16:27 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 16:27 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 16:27 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 16:27 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 16:27 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 16:27 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 16:27 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 16:27 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 16:27 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 16:27 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 16:27 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 16:27 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 16:27 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 16:27 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 16:27 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 16:27 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 16:27 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 16:27 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 16:27 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 16:27 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 16:27 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 16:27 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 16:27 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 16:27 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 16:27 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 16:27 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 16:27 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 16:27 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 16:27 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 16:27 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 16:27 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 16:27 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 16:27 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 16:27 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 16:27 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 16:27 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 16:27 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 16:27 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 16:27 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 16:27 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 16:27 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 16:27 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 16:27 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 16:27 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 16:27 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 16:27 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 16:27 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 16:27 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 16:27 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 16:27 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 16:27 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 16:27 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 16:27 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 16:27 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 16:27 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 16:27 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 16:27 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 16:27 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 16:27 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 16:27 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 16:27 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 16:27 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 16:27 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 16:27 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 16:27 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 16:27 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 16:27 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 16:27 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 16:27 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 16:27 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 16:27 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 16:27 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 16:27 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 16:27 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 16:26 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 16:26 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 16:26 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 16:26 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 16:26 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 16:26 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 16:26 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 16:26 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 16:26 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 16:26 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 16:26 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 16:26 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 16:26 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 16:26 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 16:26 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 16:26 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 16:26 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-03 20:12 - 2016-05-10 17:12 - 00000000 ____D C:\Users\Tighe\Documents\My Games
2016-05-03 19:54 - 2016-05-03 19:54 - 00001937 _____ C:\Users\Tighe\Desktop\My PC.lnk
2016-05-03 19:27 - 2016-05-03 19:27 - 00000000 ____D C:\Users\Tighe\AppData\Temp
2016-05-03 19:23 - 2016-05-03 19:23 - 00408496 _____ C:\ProgramData\1462317681.bdinstall.bin
2016-05-03 19:23 - 2016-05-03 19:23 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2016-05-03 19:23 - 2016-05-03 19:23 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-05-03 19:23 - 2016-05-03 19:23 - 00000385 _____ C:\Users\Tighe\AppData\Roaminguser_gensett.xml
2016-05-03 19:22 - 2016-05-03 19:28 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Bitdefender
2016-05-03 19:22 - 2016-05-03 19:27 - 00002268 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-03 19:22 - 2016-05-03 19:22 - 00253404 ____H C:\bdr-ld01
2016-05-03 19:22 - 2016-05-03 19:22 - 00009216 ____H C:\bdr-ld01.mbr
2016-05-03 19:22 - 2016-05-03 19:22 - 00000684 ____H C:\bdr-cf01
2016-05-03 19:22 - 2016-05-03 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-03 19:22 - 2016-05-03 19:22 - 00000000 ____D C:\ProgramData\BDLogging
2016-05-03 19:22 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-05-03 19:22 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-05-03 19:22 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2016-05-03 19:22 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im01.gz
2016-05-03 19:22 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2016-05-03 19:22 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2016-05-03 19:22 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2016-05-03 19:22 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-05-03 19:21 - 2016-05-03 19:37 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-03 19:21 - 2016-05-03 19:21 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-03 19:21 - 2016-05-03 19:21 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-03 19:21 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-05-03 19:21 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-05-03 19:16 - 2016-05-03 19:16 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-03 19:14 - 2016-05-12 15:27 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-03 19:14 - 2016-05-03 19:14 - 10314888 _____ C:\Users\Tighe\Downloads\bitdefender_tsecurity.exe
2016-05-03 19:11 - 2016-05-12 15:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-03 19:11 - 2016-05-03 19:27 - 00001169 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-03 19:11 - 2016-05-03 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-03 19:11 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-03 19:11 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-03 19:11 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-03 19:10 - 2016-05-03 19:10 - 22851472 _____ (Malwarebytes ) C:\Users\Tighe\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-03 19:07 - 2016-05-03 19:07 - 00000000 ____D C:\Users\Tighe\AppData\Local\Razer_Inc
2016-05-03 19:06 - 2016-05-12 15:27 - 00000000 ____D C:\Program Files (x86)\Razer
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ____D C:\ProgramData\Razer
2016-05-03 18:32 - 2016-05-03 19:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-03 18:32 - 2016-05-03 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-03 18:08 - 2016-05-03 18:08 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-05-03 17:24 - 2016-05-03 17:24 - 00000000 ____D C:\WINDOWS\system32\kof
2016-05-03 17:06 - 2016-05-03 18:27 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\QuickScan
2016-05-03 16:47 - 2016-05-03 16:47 - 00007622 _____ C:\Users\Tighe\AppData\Local\Resmon.ResmonCfg
2016-05-03 16:40 - 2016-05-03 16:40 - 00000000 ____D C:\WINDOWS\system32\suo
2016-05-03 15:22 - 2016-05-03 15:22 - 00000000 ____D C:\WINDOWS\system32\gocg
2016-05-03 15:17 - 2016-05-03 15:17 - 00000000 ____D C:\WINDOWS\system32\qikg
2016-05-03 14:37 - 2016-05-03 18:38 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\WeaagOukau
2016-05-03 14:31 - 2016-05-03 14:47 - 00000000 ____D C:\Users\Tighe\AppData\Local\app
2016-05-03 14:30 - 2016-05-03 14:30 - 00000000 ____D C:\Program Files (x86)\Securid
2016-05-03 14:28 - 2016-05-03 14:28 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-05-03 14:27 - 2016-05-03 18:38 - 00000000 ____D C:\Users\Tighe\AppData\LocalLow\Company
2016-05-03 14:27 - 2016-05-03 14:37 - 00000000 ____D C:\Users\Tighe\AppData\Local\Tempfolder
2016-04-14 12:11 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 12:11 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-14 12:11 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-14 12:11 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-14 12:11 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-14 12:11 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-14 12:11 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-14 12:11 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-14 12:11 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-14 12:11 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-14 12:11 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-14 12:11 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-14 12:11 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-14 12:11 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-14 12:11 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-14 12:11 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-14 12:11 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-14 12:10 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-14 12:10 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-14 12:10 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-14 12:10 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 12:10 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-14 12:10 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-14 12:10 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-14 12:10 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-14 12:10 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-14 12:10 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-14 12:10 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 12:10 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 12:10 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 12:10 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 12:10 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-14 12:10 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-14 12:10 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-14 12:10 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-14 12:10 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-14 12:10 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-14 12:10 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-14 12:10 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-14 12:10 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-14 12:10 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-14 12:10 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-14 12:10 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-14 12:10 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-14 12:10 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-14 12:10 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-14 12:10 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-14 12:10 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-14 12:10 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-14 12:10 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-14 12:10 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-14 12:10 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-14 12:10 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-14 12:10 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-14 12:10 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-14 12:10 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-14 12:10 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-14 12:10 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-14 12:10 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-14 12:10 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-14 12:10 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-14 12:10 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-14 12:10 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-14 12:10 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-14 12:10 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-14 12:10 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-14 12:10 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-14 12:10 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 12:10 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-14 12:10 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-14 12:10 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-14 12:10 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 12:10 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-14 12:10 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-14 12:10 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-14 12:10 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-14 12:10 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-14 12:10 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-14 12:10 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-14 12:10 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-14 12:10 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-14 12:10 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-14 12:10 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-14 12:10 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-14 12:10 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-14 12:10 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-14 12:10 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-14 12:10 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-14 12:10 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-14 12:10 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-14 12:10 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 12:10 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-14 12:10 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-14 12:10 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-14 12:10 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-14 12:10 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-14 12:10 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-14 12:10 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-14 12:10 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-14 12:10 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-14 12:10 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-14 12:10 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-14 12:10 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-14 12:10 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-14 12:10 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-14 12:10 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-14 12:10 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-14 12:10 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 12:10 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-14 12:10 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-14 12:10 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-14 12:10 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 12:10 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 12:10 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-14 12:10 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-14 12:10 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-14 12:10 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-14 12:10 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-14 12:10 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-14 12:10 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-14 12:10 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-14 12:10 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-14 12:10 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-14 12:10 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-14 12:10 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-14 12:10 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-14 12:10 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-14 12:10 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-14 12:10 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-14 12:10 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-14 12:10 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-14 12:10 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-14 12:10 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-14 12:10 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-14 12:10 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-14 12:10 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-14 12:10 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-14 12:10 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-14 12:10 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-14 12:10 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-14 12:10 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-14 12:10 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-14 12:10 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-14 12:10 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-14 12:10 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-14 12:10 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-14 12:10 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-14 12:10 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-14 12:10 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-14 12:10 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-14 12:10 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-14 12:10 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-14 12:10 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-14 12:10 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-14 12:10 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-14 12:10 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-14 12:10 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-14 12:10 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-14 12:10 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-14 12:10 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-14 12:10 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-14 12:10 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 12:10 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-14 12:10 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-14 12:10 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-14 12:10 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-14 12:10 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-14 12:10 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-14 12:10 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-14 12:10 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-14 12:10 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-14 12:10 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 12:10 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-14 12:10 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 12:10 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-14 12:10 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 12:10 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 12:07 - 2016-04-14 12:08 - 00007575 _____ C:\Users\Tighe\Desktop\Tigheanrnan-Lord.pdf
2016-04-14 11:51 - 2016-05-03 19:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-04-14 11:51 - 2016-04-14 11:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-12 07:20 - 2016-04-12 07:20 - 00095400 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 15:32 - 2016-01-19 23:10 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-12 15:32 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-12 15:27 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Local\Deployment
2016-05-12 15:26 - 2016-01-23 07:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-12 15:26 - 2016-01-23 07:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-12 15:25 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-12 15:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 14:38 - 2016-01-28 04:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-12 14:35 - 2016-01-21 21:19 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D3B7733-900E-41F1-A430-143F9B9EB193}
2016-05-12 14:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 22:13 - 2016-01-23 07:39 - 00000000 ____D C:\Users\Tighe
2016-05-11 13:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-11 13:26 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 11:51 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-11 11:44 - 2016-01-19 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-11 11:44 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 11:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 11:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 11:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 11:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 00:06 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-10 17:11 - 2016-01-19 23:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-10 16:45 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-10 16:44 - 2016-01-19 23:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 16:41 - 2016-01-19 23:22 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-04 01:45 - 2016-01-19 23:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-03 19:27 - 2016-04-04 23:20 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-05-03 19:27 - 2016-04-04 23:20 - 00001252 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2016-05-03 19:27 - 2016-02-04 21:41 - 00001087 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-05-03 19:27 - 2016-02-04 21:41 - 00001081 _____ C:\Users\Tighe\Desktop\Curse.lnk
2016-05-03 19:27 - 2016-02-03 20:17 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-05-03 19:27 - 2016-01-26 03:00 - 00000934 _____ C:\Users\Public\Desktop\Ventrilo.lnk
2016-05-03 19:27 - 2016-01-26 01:30 - 00001158 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-05-03 19:27 - 2016-01-23 23:11 - 00001856 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-03 19:27 - 2016-01-23 23:11 - 00001850 _____ C:\Users\Tighe\Desktop\Spotify.lnk
2016-05-03 19:27 - 2016-01-23 07:40 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-03 19:27 - 2016-01-22 15:45 - 00002128 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-05-03 19:27 - 2016-01-20 03:48 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-05-03 19:27 - 2016-01-20 00:14 - 00001211 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-05-03 19:27 - 2016-01-19 23:33 - 00001030 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-03 19:27 - 2016-01-19 23:25 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-03 19:27 - 2016-01-19 23:21 - 00002134 _____ C:\Users\Public\Desktop\MSI Super Charger.lnk
2016-05-03 19:27 - 2016-01-19 23:10 - 00002365 _____ C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-03 19:26 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-03 19:26 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-05-03 19:19 - 2016-01-19 23:21 - 00000000 ____D C:\ProgramData\Norton
2016-05-03 19:05 - 2016-02-23 14:57 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2016-05-03 19:05 - 2016-02-03 20:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-05-03 19:05 - 2016-01-27 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2016-05-03 19:05 - 2016-01-27 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-05-03 19:05 - 2016-01-26 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
2016-05-03 19:05 - 2016-01-26 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-05-03 19:05 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2016-05-03 19:05 - 2016-01-20 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-05-03 19:05 - 2016-01-20 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-05-03 19:05 - 2016-01-20 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-05-03 19:05 - 2016-01-19 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-03 19:05 - 2016-01-19 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-03 19:05 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-03 19:05 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-03 19:04 - 2016-01-25 07:43 - 00000000 ____D C:\Users\Tighe\AppData\Local\Apps\2.0
2016-05-03 19:04 - 2016-01-19 23:09 - 00000000 ____D C:\Users\Tighe\AppData\Local\Packages
2016-05-03 19:04 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2016-05-03 19:04 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-05-02 21:24 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-02 21:24 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-26 13:19 - 2016-01-19 23:10 - 00000000 ___RD C:\Users\Tighe\OneDrive
2016-04-26 12:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-04-22 03:57 - 2016-01-19 23:23 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-22 01:21 - 2016-01-20 00:15 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-22 01:21 - 2016-01-20 00:14 - 00000000 ____D C:\Users\Tighe\AppData\Local\Battle.net
2016-04-22 00:19 - 2016-01-20 12:53 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-04-22 00:14 - 2016-01-27 03:47 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-22 00:08 - 2016-01-20 00:07 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-15 03:31 - 2016-01-23 07:38 - 00224256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 03:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 13:02 - 2016-02-03 21:05 - 00015603 _____ C:\Users\Tighe\Desktop\References.odt

==================== Files in the root of some directories =======

2016-05-03 16:47 - 2016-05-03 16:47 - 0007622 _____ () C:\Users\Tighe\AppData\Local\Resmon.ResmonCfg
2016-05-03 19:23 - 2016-05-03 19:23 - 0408496 _____ () C:\ProgramData\1462317681.bdinstall.bin
2016-01-23 07:38 - 2016-01-23 07:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Tighe\AppData\Local\Temp\libeay32.dll
C:\Users\Tighe\AppData\Local\Temp\msvcr120.dll
C:\Users\Tighe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-10 16:40

==================== End of FRST.txt ============================
Jaraxel89 is offline  
Old 05-12-2016, 12:35 PM   #8
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Tighe (2016-05-12 15:33:15)
Running from C:\Users\Tighe\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-23 11:42:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1192922055-4071073365-1872665396-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1192922055-4071073365-1872665396-503 - Limited - Disabled)
Guest (S-1-5-21-1192922055-4071073365-1872665396-501 - Limited - Disabled)
Tighe (S-1-5-21-1192922055-4071073365-1872665396-1001 - Administrator - Enabled) => C:\Users\Tighe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.27.1467 - Bitdefender)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magic The Gathering Online (HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\35c9d60442fbb010) (Version: 3.4.90.566 - Wizards of the Coast)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.01 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 1.0.0.06 - Micro-Star INT'L CO.,LTD.)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{c53aa0ed-a6eb-4213-b1a6-23cac9eb6b2e}) (Version: 2.2.2.55880 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.2.55880 - Grinding Gear Games) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1192922055-4071073365-1872665396-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tighe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AC36649-0BB3-49D4-9CE9-243D854794DA} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [2016-04-25] (Bitdefender)
Task: {3D211CE5-1BB5-4C41-870C-63AF642878D9} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {D680187C-66B2-4020-BC38-AB04E3F5CB0C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-03 19:22 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-10 16:20 - 2016-05-10 16:20 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_002\ashttpbr.mdl
2016-05-10 16:20 - 2016-05-10 16:20 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_002\ashttpdsp.mdl
2016-05-10 16:20 - 2016-05-10 16:20 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_002\ashttpph.mdl
2016-05-10 16:20 - 2016-05-10 16:20 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_002\ashttprbl.mdl
2016-01-23 07:38 - 2015-12-16 10:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-20 01:37 - 2016-01-12 00:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-14 12:11 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 12:11 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 13:19 - 2016-04-26 13:19 - 00959176 _____ () C:\Users\Tighe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-05-10 16:27 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-22 00:11 - 2016-04-22 00:12 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-23 07:36 - 2016-01-23 07:36 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 16:26 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 16:27 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 16:27 - 2016-04-22 23:58 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-10 16:27 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 16:27 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-10 16:27 - 2016-04-22 23:57 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 03:18 - 2015-10-30 05:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 03:18 - 2015-10-30 05:06 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 03:18 - 2015-10-30 05:06 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 03:18 - 2015-10-30 05:06 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 03:18 - 2015-10-30 05:06 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-01-25 07:43 - 2016-01-25 07:43 - 00016384 _____ () C:\Users\Tighe\AppData\Local\Apps\2.0\5ADAM6CE.KGC\AP1HVXJJ.244\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2016-01-25 07:43 - 2016-01-25 07:43 - 00035840 _____ () C:\Users\Tighe\AppData\Local\Apps\2.0\5ADAM6CE.KGC\AP1HVXJJ.244\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2016-01-25 07:43 - 2016-01-25 07:43 - 00099840 _____ () C:\Users\Tighe\AppData\Local\Apps\2.0\5ADAM6CE.KGC\AP1HVXJJ.244\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
2016-04-22 00:11 - 2016-04-22 00:12 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-22 00:11 - 2016-04-22 00:12 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-20 01:37 - 2016-01-12 00:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-26 13:19 - 2016-04-26 13:19 - 00679624 _____ () C:\Users\Tighe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Tighe\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Tighe\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Tighe\Downloads\PathOfExileInstaller.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2016-05-12 15:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tighe\AppData\Local\Microsoft\Windows\Themes\MSI (2)\DesktopBackground\pro.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKU\S-1-5-21-1192922055-4071073365-1872665396-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E6FEA36E-1B38-4001-B9F9-5586DBED0E06}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{3416BDEA-6AB1-42CF-A69E-46DE93E1A0C7}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{75357352-3A05-4E65-93FD-632242CCFC06}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{216DA070-FC80-4CB1-A454-79A23BA8E944}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{52A4A317-F3F4-463E-B99E-A67CF10801AD}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{C687C214-35CC-4A02-8877-A3D60634AE7D}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{DD590014-CBCA-4E3B-A68D-AEA78085C2B6}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{4FFCA6CF-C0F4-498A-B633-F298200AAF8F}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{8AC356BA-ECD9-4A31-95A6-95FD714F7932}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{66498847-FD4E-4629-A91C-0DA991AA1950}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{0CE184CE-6774-41BB-9B89-B9F2E9D37B8E}] => (Allow) C:\Program Files (x86)\TERA\Client\TERA.exe
FirewallRules: [{700BE48E-63DB-478A-B850-EC2907619ECF}] => (Allow) C:\Program Files (x86)\TERA\Client\TERA.exe
FirewallRules: [{6A74D664-DEAE-4504-A147-16DE3B895823}] => (Allow) C:\Program Files (x86)\TERA\Client\TERA.exe
FirewallRules: [{1F99F8F3-1C87-43C5-B634-60E052B33ADD}] => (Allow) C:\Program Files (x86)\TERA\Client\TERA.exe
FirewallRules: [{578216FC-23BF-4DFB-97C4-6A66B7B72D48}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{BE599E57-51A0-47E1-A980-2B2CC2FFE63D}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{5D3CE92D-1FD2-4B11-975E-AD3080E29926}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{67C98FB0-026F-4861-8D45-7C05323D0AE0}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{81BB05AF-11DA-4521-97BC-5991308358E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{D313CE50-B846-46A2-AC3D-615956768DAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{21561EEE-9FD4-41AD-B8A6-53B10352A771}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{067AD9B2-327B-413C-B002-BE92CC6041BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{34680AB2-D5D2-40D6-B895-A285D3D7B07F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A2978CA8-E9F8-4CCC-AE09-CCD20B4B324E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F6053416-E97E-4A1A-A480-00686D0259A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E9DE7C7D-8DE1-48D4-9424-EE2FB1BB1FF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF4CF52C-33DA-465B-96C7-F176256DCF7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ED01F7CB-5E62-499C-8770-0B09DA0707D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8BC81F1C-D91D-4202-BCEC-28772908F840}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F717CD0E-07C5-4E6C-88FF-3C30975397E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14E4E7FA-D81B-4677-AAD7-A34CAA4E9B85}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{455E6CB1-5E24-4BE3-A831-BB4AED189877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{061D2CE7-4A1A-4031-B27C-D0A240F75F90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5CE31D85-A6C5-43D7-82BF-7C3FFBAD1B40}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{6E230DCC-55FA-4E96-AB51-C194CB4676FB}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{5AA7DE46-EA1C-46EA-976E-4BCFABB8AB1F}C:\users\tighe\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tighe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{937AD54F-64D4-4F2C-9E65-AA7755766E67}C:\users\tighe\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\tighe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{35D46FD9-1B98-4344-8ADC-E938077529F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{9B094D89-CFAF-42B0-AA3E-19E285BC645C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{CFDAF72B-2BD6-4C8D-B826-060283E41276}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{BABC3E7E-5234-4089-9870-406ABA2E3377}C:\program files (x86)\diablo iii\diablo iii.exe] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{41DB9C5F-4DB0-4D9F-B7A6-3C1FA4DFDB37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{3D0A6A45-F5C3-48E9-82EB-EF04EC6AD7E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe

==================== Restore Points =========================

27-04-2016 15:27:34 Scheduled Checkpoint
03-05-2016 19:04:00 Restore Operation
10-05-2016 16:40:53 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2016 03:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xab8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (05/12/2016 03:25:55 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2744) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/12/2016 03:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9
Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3
Exception code: 0x80000003
Fault offset: 0x0000efdc
Faulting process id: 0x1df8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (05/11/2016 08:51:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (05/11/2016 08:51:35 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (05/11/2016 08:51:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

Error: (05/11/2016 08:51:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (05/11/2016 08:51:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll8

Error: (05/11/2016 08:51:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/11/2016 07:51:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
Exception code: 0xe0434352
Fault offset: 0x000bdae8
Faulting process id: 0x1e18
Faulting application start time: 0xRzWizard.exe0
Faulting application path: RzWizard.exe1
Faulting module path: RzWizard.exe2
Report Id: RzWizard.exe3
Faulting package full name: RzWizard.exe4
Faulting package-relative application ID: RzWizard.exe5


System errors:
=============
Error: (05/12/2016 03:25:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/12/2016 03:25:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3OFGD0R)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/12/2016 03:25:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_86d663 service to connect.

Error: (05/12/2016 03:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_86d663 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 03:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_86d663 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 03:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_86d663 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 03:25:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_86d663 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 03:25:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/12/2016 03:25:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/12/2016 03:25:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-05-11 11:46:53.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-10 16:20:23.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 19:08:00.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 18:49:31.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 17:24:41.489
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 17:24:41.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 17:24:40.065
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 17:24:40.032
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 17:24:39.975
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 17:24:39.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8148.02 MB
Available physical RAM: 5029.83 MB
Total Virtual: 10132.02 MB
Available Virtual: 6662.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:65.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3B4523EC)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Jaraxel89 is offline  
Old 05-12-2016, 12:38 PM   #9
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



Had accidentally posted the protection log not a scan log for malwarebytes. correct log to follow....

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2016
Scan Time: 15:44
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.12.06
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Tighe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297715
Time Elapsed: 5 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Jaraxel89 is offline  
Old 05-12-2016, 12:42 PM   #10
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



I Hope everything I am posting is exactly what you need.

Also as far as anti-virus I don't really know what to use but would prefer a one time buy or something free as money is tight right now....currently using the free/trial bitdefender anti-virus.
Jaraxel89 is offline  
Old 05-13-2016, 01:57 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jaraxel89. BitDefender is fine.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\Users\Tighe\Downloads\AdwCleaner.exe:BDU [0]
    AlternateDataStreams: C:\Users\Tighe\Downloads\FRST64.exe:BDU [0]
    AlternateDataStreams: C:\Users\Tighe\Downloads\PathOfExileInstaller.exe:BDU [0]
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    FF DefaultSearchEngine.US: Search Module
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-14-2016, 01:03 AM   #12
Registered Member
 
Join Date: May 2016
Posts: 9
OS: Windows 10



ESET scan found no threats.




Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Tighe (2016-05-14 03:29:40) Run:1
Running from C:\Users\Tighe\Desktop
Loaded Profiles: Tighe (Available Profiles: Tighe)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\Users\Tighe\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Tighe\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Tighe\Downloads\PathOfExileInstaller.exe:BDU [0]
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
FF DefaultSearchEngine.US: Search Module
EmptyTemp:
end
*****************
Restore point was successfully created.
C:\Users\Tighe\Downloads\AdwCleaner.exe => ":BDU" ADS removed successfully.
"C:\Users\Tighe\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Tighe\Downloads\PathOfExileInstaller.exe => ":BDU" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => key removed successfully
Firefox DefaultSearchEngine.US removed successfully
EmptyTemp: => 848.1 MB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 03:29:51 ====
Jaraxel89 is offline  
Old 05-14-2016, 08:30 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-23-2016, 06:11 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Pop-ups keep opening up in Google Chrome
Hi Guys. In the last week my Google Chrome keeps opening pop-up windows for no reason with different websites. It happens when I surf, but also when I'm not touching the computer and the Chrome is open. This means that if I open Chrome, leave the computer and come back after 1 hour, I can have...
sagybp Resolved HJT Threads 12 10-24-2015 11:26 PM
PC Infected Please help.
My pc is heavily infected with malware. Last time I had got a lot of help from this forum. I dont know the procedure so guide me. Thanks
Dsoumil Resolved HJT Threads 13 05-27-2014 06:57 AM
Suspecting infection deep in the system
I've had a major problem with my laptop for quite a while now. When I launch certain programs I get the following error -> X.exe - Application Error The application failed to initialize properly (0xc000007b) Click OK to terminate the application. This error comes up if I try to start my...
Starenigma Resolved HJT Threads 17 05-01-2013 04:04 AM
WinZip Registry Optimizer Virus
Hi Guys, Thank you for your time and detailed process, I hope I have included all that you asked for. As you requested 'Utorrent' and 'Vuze' have been removed from the computer and 'Microsoft Forefront Endpoint Protection' has been disabled. The requested text 'DDS.txt' is below and...
Marko Filipovic Resolved HJT Threads 6 01-20-2013 05:16 PM
Browser redirect problem
Help!! I have fallen prey to a browser hijack i am unable to get rid off. I have tried Malwarebytes, Ad-aware, Spybot, AVG (which is my antivirus and firewall software, CWShreader, and Hijack This. I have run Combofix and TDSkiller. RKquarantine and Goorefix. Nothing has stopped it or detected...
qorc Inactive Malware Help Topics 29 12-27-2012 09:38 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 03:19 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts