TechSpot

Youtube and other movie clips are lagging a little

By MalwareMagnet
Feb 14, 2016
  1. I did a virus scan and said I am clean, but I do not remember it being this laggy, so I believe it is a virus can you please help me verify if this is a virus or not? thanks
     
  2. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Owner (administrator) on DESKTOP-VMOPO8L (14-02-2016 17:02:00)
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Lenovo) C:\Users\Owner\AppData\Local\Apps\2.0\ATXHZA1T.709\0YBY38RA.6BW\lsb...tion_91a10ba61c75c82d_0001.0006_0f15e39c22fde514\LSB.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-16] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-04]
    ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{edfbb390-0da5-42ed-afde-6889329d0c89}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-07]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-07]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-07]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-13] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-22] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
    S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)
    R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)
    S3 SDGame; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-14] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 17:02 - 2016-02-14 17:02 - 00014069 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-02-14 17:01 - 2016-02-14 17:02 - 00000000 ____D C:\FRST
    2016-02-14 17:01 - 2016-02-14 17:01 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2016-02-14 17:01 - 2016-02-14 17:01 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
    2016-02-14 13:41 - 2016-02-14 13:41 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (3).exe
    2016-02-14 13:29 - 2016-02-14 13:30 - 00255928 _____ C:\TDSSKiller.3.1.0.9_14.02.2016_13.29.15_log.txt
    2016-02-14 13:28 - 2016-02-14 13:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
    2016-02-14 13:27 - 2016-02-14 13:27 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (2).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (1).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT (1).exe
    2016-02-14 13:23 - 2016-02-14 13:23 - 00000683 _____ C:\Users\Owner\Desktop\JRT.txt
    2016-02-14 13:22 - 2016-02-14 13:35 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2016-02-14 13:22 - 2016-02-14 13:22 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
    2016-02-14 13:09 - 2016-02-14 13:09 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-02-14 13:08 - 2016-02-14 13:08 - 20943432 _____ C:\Users\Owner\Downloads\RogueKiller.exe
    2016-02-14 13:08 - 2016-02-14 13:08 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-14 13:06 - 2016-02-14 13:32 - 01508352 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2016-02-14 12:48 - 2016-02-14 12:48 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
    2016-02-14 12:48 - 2016-02-14 12:48 - 00002930 _____ C:\Users\Owner\Desktop\Rkill.txt
    2016-02-14 12:44 - 2016-02-14 13:32 - 00000000 ____D C:\AdwCleaner
    2016-02-14 12:43 - 2016-02-14 12:43 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
    2016-02-14 12:42 - 2016-02-14 12:49 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2016-02-14 12:38 - 2016-02-14 12:49 - 01508352 _____ C:\Users\Owner\Downloads\adwcleaner_5.033.exe
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-02-09 14:29 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 14:29 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 14:29 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 14:29 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 14:29 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 14:29 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 14:29 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 14:29 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 14:29 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 14:29 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 14:29 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 14:29 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 14:29 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 14:29 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 14:29 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 14:29 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 14:29 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 14:29 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-08 15:31 - 2016-02-08 19:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit AgentInformation
    2016-02-08 15:30 - 2016-02-08 15:30 - 00000000 ____D C:\Program Files (x86)\Foxit Software
    2016-02-08 15:28 - 2016-02-08 15:29 - 43048592 _____ (Foxit Software Inc. ) C:\Users\Owner\Downloads\FoxitReader73_enu_Setup_Prom.exe
    2016-02-08 15:19 - 2016-02-08 15:21 - 295249739 _____ C:\Users\Owner\Downloads\CB10h-Edition.pdf
    2016-02-08 15:14 - 2016-02-08 15:14 - 01992496 _____ C:\Users\Owner\Downloads\winrar-x64-531.exe
    2016-02-08 15:08 - 2016-02-08 15:08 - 00000197 _____ C:\Users\Owner\Downloads\aazea.com_0321775651.rar
    2016-02-05 00:23 - 2016-02-05 00:23 - 00003336 _____ C:\WINDOWS\System32\Tasks\{09059723-20CA-40B3-9C08-D8667C90FB5A}
    2016-02-02 15:02 - 2016-02-02 15:09 - 00001834 _____ C:\Users\Public\Desktop\ÁúÖ®¹È.lnk
    2016-02-02 14:24 - 2016-02-02 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÓÎÏ·
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\盛大游戏
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÓÎÏ·
    2016-02-02 12:11 - 2016-02-02 14:58 - 00000000 ____D C:\lzg251
    2016-02-02 12:11 - 2016-02-02 12:11 - 00000000 ____D C:\ProgramData\SNDA
    2016-02-02 12:10 - 2016-02-02 12:11 - 03450376 _____ (盛大游戏) C:\Users\Owner\Downloads\dragonnest.251_download.exe
    2016-02-02 12:07 - 2016-02-02 12:07 - 00000000 ____D C:\Users\Owner\Documents\DragonNest
    2016-02-01 22:56 - 2016-02-01 22:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2016-02-01 21:51 - 2016-02-01 22:39 - 00104634 _____ C:\ZipSetupLog.txt
    2016-02-01 21:51 - 2016-02-01 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÍøÂç
    2016-02-01 21:51 - 2016-02-01 21:51 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÍøÂç
    2016-02-01 17:02 - 2016-02-01 19:44 - 00000027 _____ C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:38 - 00000000 ____D C:\Gamedownloader
    2016-02-01 16:32 - 2016-02-02 14:08 - 00000059 _____ C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-01 16:32 - 2016-02-01 16:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\lzg1024_setup
    2016-02-01 16:23 - 2016-02-02 14:38 - 03733896 _____ (ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Owner\Downloads\lzg1024_setup.exe
    2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2016-01-29 21:48 - 2016-02-14 13:23 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2016-01-29 21:43 - 2016-01-29 21:43 - 00003336 _____ C:\WINDOWS\System32\Tasks\{735EF87E-9250-4026-953E-D5F27030B7F1}
    2016-01-29 19:13 - 2016-01-29 19:13 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-01-29 19:13 - 2016-01-29 19:13 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-29 19:12 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-01-29 19:12 - 2016-01-29 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-22 21:54 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-01-29 19:12 - 2016-01-22 21:54 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01859936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-01-29 19:12 - 2016-01-22 19:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-01-29 19:11 - 2016-02-14 13:31 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-29 19:11 - 2016-01-29 19:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-29 19:11 - 2016-01-22 20:01 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-01-29 19:11 - 2016-01-22 20:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00123448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-01-29 19:11 - 2016-01-21 21:06 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-01-29 19:10 - 2016-01-25 12:34 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2016-01-29 19:10 - 2016-01-22 22:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
    2016-01-29 19:10 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2016-01-29 19:10 - 2015-12-18 01:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2016-01-29 19:10 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-01-29 19:08 - 2016-01-29 19:08 - 00000000 ____D C:\NVIDIA
    2016-01-29 19:07 - 2016-01-29 19:08 - 122461596 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql (1).exe.hj3lkj7.partial
    2016-01-28 15:46 - 2016-01-28 15:46 - 00000000 ____D C:\Users\Owner\Documents\League of Legends
    2016-01-28 12:00 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 12:00 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64
     
  3. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    \Windows.Media.Protection.PlayReady.dll
    2016-01-28 11:59 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 11:59 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 11:59 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 11:59 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 11:59 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 11:59 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 11:59 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 11:59 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 11:59 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 11:59 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 11:59 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 11:59 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 11:59 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-28 00:38 - 2016-01-29 19:08 - 389921688 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql.exe
    2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2016-01-22 21:36 - 2016-01-22 21:42 - 27864920 _____ (Riot Games) C:\Users\Owner\Downloads\LeagueofLegends_NA_Installer_9_15_2014 (1).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 13:37 - 2015-11-16 23:47 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-14 13:37 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-14 13:32 - 2015-11-16 22:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
    2016-02-14 13:31 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Local\NexonLauncher
    2016-02-14 13:31 - 2015-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-02-14 13:31 - 2015-12-07 10:17 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-14 13:31 - 2015-11-16 21:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-14 13:31 - 2015-11-16 21:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-14 13:31 - 2015-11-16 20:59 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
    2016-02-14 13:30 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-14 11:31 - 2015-12-23 11:16 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E9C8FB6-6FFC-4CC2-94CB-F2E4A93C6C03}
    2016-02-13 12:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-12 14:14 - 2015-11-16 22:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\ProgramData\Lenovo
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-02-12 12:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-12 11:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-10 22:54 - 2016-01-02 21:13 - 00000000 ____D C:\Users\Owner\Downloads\PopcornTime
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-10 02:09 - 2015-11-16 21:54 - 00000000 ____D C:\Users\Owner
    2016-02-09 22:46 - 2016-01-10 11:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-09 21:11 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-09 21:10 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-09 15:09 - 2015-11-16 21:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-09 15:07 - 2015-11-16 21:00 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-09 15:07 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Program Files\WinRAR
    2016-02-05 13:57 - 2015-11-16 20:52 - 00002363 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-05 13:57 - 2015-11-16 20:52 - 00000000 ___RD C:\Users\Owner\OneDrive
    2016-02-05 00:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-04 16:32 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NexonLauncher
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 14:07 - 2015-12-16 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Steam
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-01 18:23 - 2015-12-07 10:17 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-29 23:30 - 2015-12-16 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-29 19:13 - 2015-11-16 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
    2016-01-29 19:12 - 2015-11-16 21:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-29 19:12 - 2015-11-16 20:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-29 19:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-22 21:49 - 2015-12-07 10:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Riot Games
    2016-01-17 19:13 - 2016-01-06 14:24 - 00000000 ____D C:\Users\Owner\Documents\My Games
    2016-01-17 19:13 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Package Cache

    ==================== Files in the root of some directories =======

    2016-02-01 17:02 - 2016-02-01 19:44 - 0000027 _____ () C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:08 - 0000059 _____ () C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2015-11-16 21:53 - 2015-11-16 21:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Owner\AppData\Local\Temp\netease-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\ntes-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStereoApiI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-06 22:13


    ==================== End of FRST.txt ============================
     
  4. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by Owner (2016-02-14 17:02:46)
    Running from C:\Users\Owner\Downloads
    Windows 10 Pro (X64) (2015-11-17 02:56:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3197005435-3639198766-659270671-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3197005435-3639198766-659270671-503 - Limited - Disabled)
    Guest (S-1-5-21-3197005435-3639198766-659270671-501 - Limited - Disabled)
    Owner (S-1-5-21-3197005435-3639198766-659270671-1001 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ÁúÖ®¹È (HKLM-x32\...\DragonNest) (Version: 2.0.8.251 - SHANDAGAMES)
    CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.2.0.13 - Lenovo)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    ÍøÒ×-ÌìÚÍ (HKLM-x32\...\tianyu) (Version: 1.0.130 - ÍøÒ×£¨º¼ÖÝ£©ÍøÂçÓÐÏÞ¹«Ë¾)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.017.00 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.0.0 - Lenovo)
    Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
    LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3197005435-3639198766-659270671-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2F25D1D9-0448-428B-B454-17CF4E1FD628} - System32\Tasks\{09B16D9D-082B-4636-A5E2-BF03E6FD480B} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
    Task: {60E97DA1-2642-4D19-A7D8-1656A77C3B0F} - System32\Tasks\{09059723-20CA-40B3-9C08-D8667C90FB5A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {7BE9D574-5497-4FDF-9AD5-5A9F29F5875F} - System32\Tasks\{735EF87E-9250-4026-953E-D5F27030B7F1} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {837E182B-4407-4868-909A-4FD5389BF324} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
    Task: {8FBB7972-4AE1-4E8F-A608-0034F897C555} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
    Task: {A44838B7-2B2A-48E0-BBCC-A1484FADC0A2} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3197005435-3639198766-659270671-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {A5E7CA59-FC52-4616-989A-2F86FDAC0908} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-07] (Google Inc.)
    Task: {BB2903F6-EDDD-42B1-B9EC-84694C40AC28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-07] (Google Inc.)
    Task: {D94003A4-8E50-4F32-9B42-7942C76D8A02} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-01-29 19:12 - 2016-01-22 21:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-22 13:21 - 2016-01-22 13:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-17 23:48 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-17 23:48 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-17 23:48 - 2015-12-06 23:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2015-11-16 20:59 - 2015-11-16 20:59 - 00405416 _____ () C:\WINDOWS\system32\igfxTray.exe
    2015-11-16 22:52 - 2015-11-16 22:52 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2015-11-16 22:52 - 2015-11-16 22:52 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2015-11-16 20:55 - 2015-11-16 20:55 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2016-01-13 00:29 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-13 00:29 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 11:59 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 11:59 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-22 13:21 - 2016-01-22 13:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-22 13:21 - 2016-01-22 13:21 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-01-29 19:12 - 2016-01-22 21:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-16 14:23 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-12-16 14:23 - 2016-02-04 16:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-12-16 14:23 - 2016-02-04 16:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-12-16 14:23 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2015-12-16 16:54 - 2015-12-12 19:02 - 00044544 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_socket.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00899584 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ssl.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00087552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ctypes.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00358400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_hashlib.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00100352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32api.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00110080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\pywintypes27.dll
    2015-12-16 16:54 - 2015-12-12 19:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\select.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00036864 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32process.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00485888 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libsodium.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00516096 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libzmq.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00038400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\constants.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00014336 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\error.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00046080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\message.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00032256 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\context.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00073216 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\socket.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00023552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\utils.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00029696 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_poll.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00012800 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_version.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00025088 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_device.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00027136 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_multiprocessing.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\devices\monitoredqueue.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00036352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_psutil_mswindows.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00167936 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32gui.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00009728 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Random\OSRNG\winrandom.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Util\_counter.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00029184 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Cipher\_AES.pyd
    2015-12-16 16:54 - 2015-11-19 15:03 - 00160768 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\tray\mxwin.pyd
    2015-12-16 16:53 - 2015-11-19 15:03 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\tray\Nexon.Mantis.Client.Resources.dll
    2015-12-16 16:53 - 2015-12-12 19:02 - 00686080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\unicodedata.pyd
    2015-12-16 14:23 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-11-16 22:56 - 2015-02-12 16:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-30 17:42 - 2015-07-30 17:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Downloads\cherry_blossom_tunnel.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [TCP Query User{9EEDA7EA-FB82-463B-9ABF-F480F9DEE9ED}C:\users\owner\downloads\tianyu_dl_0730.exe] => (Allow) C:\users\owner\downloads\tianyu_dl_0730.exe
    FirewallRules: [UDP Query User{5ACFB03D-B664-429F-A831-9BBFB56B75A9}C:\users\owner\downloads\tianyu_dl_0730.exe] => (Allow) C:\users\owner\downloads\tianyu_dl_0730.exe
    FirewallRules: [TCP Query User{37AAE1B4-79B5-4290-AFBE-F878C83F7C0D}C:\users\owner\appdata\local\temp\netease-tianyu.exe] => (Allow) C:\users\owner\appdata\local\temp\netease-tianyu.exe
    FirewallRules: [UDP Query User{A1B1765D-B21C-4D2B-9BDB-292807D10504}C:\users\owner\appdata\local\temp\netease-tianyu.exe] => (Allow) C:\users\owner\appdata\local\temp\netease-tianyu.exe
    FirewallRules: [TCP Query User{A53C1BDC-47C8-42F7-B368-A1CA6CA28F4B}C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe
    FirewallRules: [UDP Query User{EA7A4CFE-45A7-434B-AD6D-1E60CBB86430}C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe
    FirewallRules: [TCP Query User{F95E48A8-C2A8-4612-BCC8-28C4E214F543}C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe
    FirewallRules: [UDP Query User{07C15253-EE24-4E14-A1AB-6484FF9B90B0}C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe
    FirewallRules: [TCP Query User{69DC82E0-0D37-46FF-BC73-D8EFD959BD11}C:\program files (x86)\netease\ty\game\tianyu.exe] => (Allow) C:\program files (x86)\netease\ty\game\tianyu.exe
    FirewallRules: [UDP Query User{B741CC80-62DC-42AC-80B6-849E6D0598E2}C:\program files (x86)\netease\ty\game\tianyu.exe] => (Allow) C:\program files (x86)\netease\ty\game\tianyu.exe
    FirewallRules: [{8D3069F9-E5E5-42FE-9912-5080374280FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3D127AE5-DB40-4F3C-B8FD-72F41B152B49}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{17E98202-4072-4D11-A68A-65CC24C94AA6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1FB7C382-110D-4A1F-9031-BFB14D62128E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C34E3C2C-FB8F-4E19-9319-3D6A730F0135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{FE2E09D4-6E18-4221-88A5-E57848868996}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{D0225C20-E3C6-469A-8069-A3322FAD312A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{7E3E8AD8-066E-4AA6-9348-DD339D8AD291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{5B0DF0BE-E379-4234-A9EE-DDE260C27BFF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{5A276C42-5110-4373-8B0A-B53338083020}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{29038CB8-4361-4E1A-A5D5-9A8BEE316427}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{BD922299-EA3C-4E11-97AB-D3DD9CFE2F73}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{C54371B0-A77B-4977-82AE-F86C3C833BE6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{4301086A-0880-4783-B4A0-8D74D1F1ED32}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{C670E80B-C297-4217-BC31-FD4B83D42855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{9310A6DB-4E7B-4230-ACD0-8984CC26466B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{F3DE407D-E6C7-47D0-9F02-2DE64D0DC504}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{2AF0B00D-C9A1-4C26-90BB-6F9573279FC0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{5AEB6F71-F773-4FFD-BBE1-8651A9B9289D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{41FF28EC-7F02-420C-8385-927452B44D8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A5A7E3C1-EDA0-4C27-B3F3-2BC8FD6A419A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{2EDDB6A6-AC67-4967-9E80-B44BA42758BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{281AB3DF-B434-40EB-8A7E-41B34A5422AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{A91394E6-BF53-4436-9973-A566ED83E162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{66F91DB2-0693-4144-A44D-470C6848EAD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{29EF3BF2-B55F-45E6-B0DF-E3B5DB76B26C}] => (Allow) C:\Users\Owner\Downloads\lzg1024_setup.exe
    FirewallRules: [{8D4534D1-C702-431D-B2F5-B39B1703CA8A}] => (Allow) C:\Users\Owner\Downloads\lzg1024_setup.exe
    FirewallRules: [TCP Query User{94341CC4-F3D9-4830-93A3-BCFD2990511B}C:\users\owner\downloads\dragonnest.251_download.exe] => (Allow) C:\users\owner\downloads\dragonnest.251_download.exe
    FirewallRules: [UDP Query User{8D036A37-0F6C-4E28-889A-92FE15AC9DF1}C:\users\owner\downloads\dragonnest.251_download.exe] => (Allow) C:\users\owner\downloads\dragonnest.251_download.exe
    FirewallRules: [{7946DA7C-E153-442A-AD68-EDA3CF4B2A24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{221CCADE-293B-46F8-8776-1E49DBAB9FB6}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
    FirewallRules: [{303C9904-D45A-4C2C-A941-02F6CCDFE589}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

    ==================== Restore Points =========================

    28-01-2016 20:26:32 Windows Update
    06-02-2016 12:24:51 Scheduled Checkpoint
    09-02-2016 15:06:21 Windows Update
    14-02-2016 13:22:45 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/14/2016 01:22:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
    Exception code: 0xc0000005
    Fault offset: 0x00000000000780cd
    Faulting process id: 0x1144
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5

    Error: (02/14/2016 01:22:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/14/2016 12:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
    Exception code: 0xc0000005
    Fault offset: 0x00000000000780cd
    Faulting process id: 0x17cc
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5

    Error: (02/13/2016 11:33:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/13/2016 10:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x23d0
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/13/2016 06:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x1a2c
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/13/2016 12:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0xcc8
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/12/2016 05:27:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x22e8
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/10/2016 03:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x748
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/10/2016 01:34:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x2530
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5


    System errors:
    =============
    Error: (02/14/2016 04:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 01:30:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VMOPO8L)
    Description: {0002DF02-0000-0000-C000-000000000046}

    Error: (02/14/2016 01:30:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_39c74 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/14/2016 01:30:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 01:22:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/14/2016 01:09:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys

    Error: (02/14/2016 12:45:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_3a154 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/14/2016 12:45:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 12:45:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/14/2016 12:45:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-02-13 23:33:31.590
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-12 12:04:00.450
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-10 02:11:38.331
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-09 22:13:14.071
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-09 21:11:17.296
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 11:07:16.458
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-05 12:15:35.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-03 22:48:02.526
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-30 10:41:39.774
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-29 16:40:03.637
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
    Percentage of memory in use: 55%
    Total physical RAM: 8104.27 MB
    Available physical RAM: 3588.88 MB
    Total Virtual: 10152.27 MB
    Available Virtual: 4932.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.92 GB) (Free:124.98 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: D7916CC8)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Rkill 2.8.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/14/2016 12:48:23 PM in x64 mode.
    Windows Version: Windows 10 Pro

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * fcvsc [Missing Service]
    * HdAudAddService [Missing Service]
    * HyperVideo [Missing Service]
    * netvsc [Missing Service]
    * wfpcapture [Missing Service]

    * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
    * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
    * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 02/14/2016 12:48:38 PM
    Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
     
  7. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Pro x64
    Ran by Owner (Administrator) on Sun 02/14/2016 at 13:22:44.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\ProgramData\thunder network (Folder)
    Successfully deleted: C:\Users\Public\thunder network (Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/14/2016 at 13:23:35.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    # AdwCleaner v5.033 - Logfile created 14/02/2016 at 12:45:27
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Owner - DESKTOP-VMOPO8L
    # Running from : C:\Users\Owner\Downloads\adwcleaner_5.033.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com
    [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1648 bytes] ##########
     
  9. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    # AdwCleaner v5.033 - Logfile created 14/02/2016 at 12:44:38
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Owner - DESKTOP-VMOPO8L
    # Running from : C:\Users\Owner\Downloads\adwcleaner_5.033.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com
    Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com

    ***** [ Web browsers ] *****

    [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1526 bytes] ##########
     
  10. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    I did adwcleaner twice that is why I posted 2 logs for adwcleaner
     
  11. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/14/2016
    Scan Time: 8:09 PM
    Logfile: m.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.14.05
    Rootkit Database: v2016.02.08.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 341207
    Time Elapsed: 5 min, 4 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    I am sorry, but I also recently just installed Bitdefender to my computer as well just 2 hours ago
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Owner (administrator) on DESKTOP-VMOPO8L (14-02-2016 21:23:33)
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
    (Lenovo) C:\Users\Owner\AppData\Local\Apps\2.0\ATXHZA1T.709\0YBY38RA.6BW\lsb...tion_91a10ba61c75c82d_0001.0006_0f15e39c22fde514\LSB.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-16] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-04]
    ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{edfbb390-0da5-42ed-afde-6889329d0c89}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-07]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-07]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-07]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-13] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-22] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
    S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-01-21] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1695720 2016-02-01] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
    S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)
    R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)
    S3 SDGame; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-14] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 20:17 - 2016-02-14 20:17 - 00001034 _____ C:\m.txt
    2016-02-14 20:12 - 2016-02-14 20:12 - 01508352 _____ C:\Users\Owner\Downloads\adwcleaner_5.033 (1).exe
    2016-02-14 19:00 - 2016-02-14 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\Foxit Reader
    2016-02-14 18:45 - 2016-02-14 18:45 - 00271808 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2016-02-14 18:40 - 2016-02-14 18:40 - 00000385 _____ C:\Users\Owner\AppData\Roaminguser_gensett.xml
    2016-02-14 18:39 - 2016-02-14 18:39 - 00431656 _____ C:\ProgramData\1455492953.bdinstall.bin
    2016-02-14 18:39 - 2016-02-14 18:39 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2016-02-14 18:39 - 2016-02-14 18:39 - 00002270 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000785 _____ C:\bdlog.txt
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000000 ____D C:\ProgramData\BDLogging
    2016-02-14 18:39 - 2013-09-08 19:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2016-02-14 18:39 - 2009-07-14 12:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
    2016-02-14 18:39 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2016-02-14 18:38 - 2016-02-14 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
    2016-02-14 18:38 - 2016-01-22 08:12 - 00806344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2016-02-14 18:38 - 2016-01-22 08:11 - 01622512 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2016-02-14 18:38 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2016-02-14 18:37 - 2016-02-14 18:46 - 00000000 ____D C:\ProgramData\Bitdefender
    2016-02-14 18:37 - 2016-02-14 18:37 - 00000000 ____D C:\Program Files\Bitdefender
    2016-02-14 18:37 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-02-14 18:37 - 2015-04-29 13:32 - 00160032 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2016-02-14 18:35 - 2016-02-14 18:37 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2016-02-14 18:35 - 2016-02-14 18:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
    2016-02-14 18:32 - 2016-02-14 21:01 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-02-14 18:32 - 2016-02-14 18:32 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2016-02-14 18:32 - 2016-02-14 18:32 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2016-02-14 18:31 - 2016-02-14 18:32 - 09736920 _____ C:\Users\Owner\Downloads\bitdefender_windows_10e3f9de-f735-4a1c-b04a-82f170b8eee9.exe
    2016-02-14 17:02 - 2016-02-14 21:23 - 00015243 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-02-14 17:02 - 2016-02-14 17:03 - 00037180 _____ C:\Users\Owner\Downloads\Addition.txt
    2016-02-14 17:01 - 2016-02-14 21:23 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2016-02-14 17:01 - 2016-02-14 21:23 - 00000000 ____D C:\FRST
    2016-02-14 17:01 - 2016-02-14 17:01 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
    2016-02-14 13:41 - 2016-02-14 13:41 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (3).exe
    2016-02-14 13:29 - 2016-02-14 13:30 - 00255928 _____ C:\TDSSKiller.3.1.0.9_14.02.2016_13.29.15_log.txt
    2016-02-14 13:28 - 2016-02-14 13:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
    2016-02-14 13:27 - 2016-02-14 13:27 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (2).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (1).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT (1).exe
    2016-02-14 13:23 - 2016-02-14 13:23 - 00000683 _____ C:\Users\Owner\Desktop\JRT.txt
    2016-02-14 13:22 - 2016-02-14 13:35 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2016-02-14 13:22 - 2016-02-14 13:22 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
    2016-02-14 13:09 - 2016-02-14 13:09 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-02-14 13:08 - 2016-02-14 13:08 - 20943432 _____ C:\Users\Owner\Downloads\RogueKiller.exe
    2016-02-14 13:08 - 2016-02-14 13:08 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-14 13:06 - 2016-02-14 13:32 - 01508352 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2016-02-14 12:48 - 2016-02-14 12:48 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
    2016-02-14 12:48 - 2016-02-14 12:48 - 00002930 _____ C:\Users\Owner\Desktop\Rkill.txt
    2016-02-14 12:44 - 2016-02-14 13:32 - 00000000 ____D C:\AdwCleaner
    2016-02-14 12:43 - 2016-02-14 12:43 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
    2016-02-14 12:42 - 2016-02-14 12:49 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2016-02-14 12:38 - 2016-02-14 12:49 - 01508352 _____ C:\Users\Owner\Downloads\adwcleaner_5.033.exe
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
     
  15. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    ThinkVantage Tools
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-02-09 14:29 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 14:29 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 14:29 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 14:29 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 14:29 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 14:29 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 14:29 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 14:29 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 14:29 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 14:29 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 14:29 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 14:29 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 14:29 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 14:29 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 14:29 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 14:29 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 14:29 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 14:29 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-08 15:31 - 2016-02-08 19:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit AgentInformation
    2016-02-08 15:30 - 2016-02-08 15:30 - 00000000 ____D C:\Program Files (x86)\Foxit Software
    2016-02-08 15:28 - 2016-02-08 15:29 - 43048592 _____ (Foxit Software Inc. ) C:\Users\Owner\Downloads\FoxitReader73_enu_Setup_Prom.exe
    2016-02-08 15:19 - 2016-02-08 15:21 - 295249739 _____ C:\Users\Owner\Downloads\CB10h-Edition.pdf
    2016-02-08 15:14 - 2016-02-08 15:14 - 01992496 _____ C:\Users\Owner\Downloads\winrar-x64-531.exe
    2016-02-08 15:08 - 2016-02-08 15:08 - 00000197 _____ C:\Users\Owner\Downloads\aazea.com_0321775651.rar
    2016-02-05 00:23 - 2016-02-05 00:23 - 00003336 _____ C:\WINDOWS\System32\Tasks\{09059723-20CA-40B3-9C08-D8667C90FB5A}
    2016-02-02 15:02 - 2016-02-02 15:09 - 00001834 _____ C:\Users\Public\Desktop\ÁúÖ®¹È.lnk
    2016-02-02 14:24 - 2016-02-02 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÓÎÏ·
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\盛大游戏
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÓÎÏ·
    2016-02-02 12:11 - 2016-02-02 14:58 - 00000000 ____D C:\lzg251
    2016-02-02 12:11 - 2016-02-02 12:11 - 00000000 ____D C:\ProgramData\SNDA
    2016-02-02 12:10 - 2016-02-02 12:11 - 03450376 _____ (盛大游戏) C:\Users\Owner\Downloads\dragonnest.251_download.exe
    2016-02-02 12:07 - 2016-02-02 12:07 - 00000000 ____D C:\Users\Owner\Documents\DragonNest
    2016-02-01 22:56 - 2016-02-01 22:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2016-02-01 21:51 - 2016-02-01 22:39 - 00104634 _____ C:\ZipSetupLog.txt
    2016-02-01 21:51 - 2016-02-01 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÍøÂç
    2016-02-01 21:51 - 2016-02-01 21:51 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÍøÂç
    2016-02-01 17:02 - 2016-02-01 19:44 - 00000027 _____ C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:38 - 00000000 ____D C:\Gamedownloader
    2016-02-01 16:32 - 2016-02-02 14:08 - 00000059 _____ C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-01 16:32 - 2016-02-01 16:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\lzg1024_setup
    2016-02-01 16:23 - 2016-02-02 14:38 - 03733896 _____ (ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Owner\Downloads\lzg1024_setup.exe
    2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2016-01-29 21:48 - 2016-02-14 19:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2016-01-29 21:43 - 2016-01-29 21:43 - 00003336 _____ C:\WINDOWS\System32\Tasks\{735EF87E-9250-4026-953E-D5F27030B7F1}
    2016-01-29 19:13 - 2016-01-29 19:13 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-01-29 19:13 - 2016-01-29 19:13 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-29 19:12 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-01-29 19:12 - 2016-01-29 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-22 21:54 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-01-29 19:12 - 2016-01-22 21:54 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01859936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-01-29 19:12 - 2016-01-22 19:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-01-29 19:11 - 2016-02-14 19:00 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-29 19:11 - 2016-01-29 19:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-29 19:11 - 2016-01-22 20:01 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-01-29 19:11 - 2016-01-22 20:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00123448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-01-29 19:11 - 2016-01-21 21:06 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-01-29 19:10 - 2016-01-25 12:34 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2016-01-29 19:10 - 2016-01-22 22:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
    2016-01-29 19:10 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2016-01-29 19:10 - 2015-12-18 01:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2016-01-29 19:10 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-01-29 19:08 - 2016-01-29 19:08 - 00000000 ____D C:\NVIDIA
    2016-01-29 19:07 - 2016-01-29 19:08 - 122461596 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql (1).exe.hj3lkj7.partial
    2016-01-28 15:46 - 2016-01-28 15:46 - 00000000 ____D C:\Users\Owner\Documents\League of Legends
    2016-01-28 12:00 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 12:00 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 11:59 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 11:59 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 11:59 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 11:59 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 11:59 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 11:59 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 11:59 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 11:59 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 11:59 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 11:59 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 11:59 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 11:59 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 11:59 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-28 00:38 - 2016-01-29 19:08 - 389921688 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql.exe
    2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2016-01-22 21:36 - 2016-01-22 21:42 - 27864920 _____ (Riot Games) C:\Users\Owner\Downloads\LeagueofLegends_NA_Installer_9_15_2014 (1).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 20:09 - 2016-01-10 11:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-14 19:06 - 2015-11-16 23:47 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-14 19:06 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-14 19:01 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Local\NexonLauncher
    2016-02-14 19:01 - 2015-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-02-14 19:01 - 2015-11-16 22:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
    2016-02-14 19:00 - 2015-12-07 10:17 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-14 19:00 - 2015-11-16 21:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-14 19:00 - 2015-11-16 21:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-14 19:00 - 2015-11-16 20:59 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
    2016-02-14 19:00 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-14 18:39 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-14 17:35 - 2015-12-23 11:16 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E9C8FB6-6FFC-4CC2-94CB-F2E4A93C6C03}
    2016-02-13 12:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-12 14:14 - 2015-11-16 22:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\ProgramData\Lenovo
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-02-12 12:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-12 11:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-10 22:54 - 2016-01-02 21:13 - 00000000 ____D C:\Users\Owner\Downloads\PopcornTime
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-10 02:09 - 2015-11-16 21:54 - 00000000 ____D C:\Users\Owner
    2016-02-09 21:11 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-09 21:10 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-09 15:09 - 2015-11-16 21:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-09 15:07 - 2015-11-16 21:00 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-09 15:07 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Program Files\WinRAR
    2016-02-05 13:57 - 2015-11-16 20:52 - 00002363 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-05 13:57 - 2015-11-16 20:52 - 00000000 ___RD C:\Users\Owner\OneDrive
    2016-02-05 00:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-04 16:32 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NexonLauncher
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 20:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2016-02-02 14:07 - 2015-12-16 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Steam
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-01 18:23 - 2015-12-07 10:17 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-29 23:30 - 2015-12-16 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-29 19:13 - 2015-11-16 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
    2016-01-29 19:12 - 2015-11-16 21:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-29 19:12 - 2015-11-16 20:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-29 19:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-22 21:49 - 2015-12-07 10:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Riot Games
    2016-01-17 19:13 - 2016-01-06 14:24 - 00000000 ____D C:\Users\Owner\Documents\My Games
    2016-01-17 19:13 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Package Cache

    ==================== Files in the root of some directories =======

    2016-02-01 17:02 - 2016-02-01 19:44 - 0000027 _____ () C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:08 - 0000059 _____ () C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-14 18:39 - 2016-02-14 18:39 - 0431656 _____ () C:\ProgramData\1455492953.bdinstall.bin
    2015-11-16 21:53 - 2015-11-16 21:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Owner\AppData\Local\Temp\netease-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\ntes-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStereoApiI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-06 22:13

    ==================== End of FRST.txt ============================
     
  16. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by Owner (administrator) on DESKTOP-VMOPO8L (14-02-2016 21:33:56)
    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
    (Lenovo) C:\Users\Owner\AppData\Local\Apps\2.0\ATXHZA1T.709\0YBY38RA.6BW\lsb...tion_91a10ba61c75c82d_0001.0006_0f15e39c22fde514\LSB.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-11-16] (Realtek Semiconductor)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-11-16] (Realtek semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-16] (Synaptics Incorporated)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-16] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-04]
    ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{edfbb390-0da5-42ed-afde-6889329d0c89}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-07]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-07]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-07]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-13] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-16] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-22] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
    S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
    R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-01-21] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1695720 2016-02-01] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
    S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-16] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-11-16] (Intel Corporation)
    R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-11-16] (Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [759552 2015-11-16] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-11-16] (Realtek Semiconductor Corp.)
    S3 SDGame; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-16] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-14] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 20:17 - 2016-02-14 20:17 - 00001034 _____ C:\m.txt
    2016-02-14 20:12 - 2016-02-14 20:12 - 01508352 _____ C:\Users\Owner\Downloads\adwcleaner_5.033 (1).exe
    2016-02-14 19:00 - 2016-02-14 19:00 - 00000000 ____D C:\Users\Owner\AppData\Local\Foxit Reader
    2016-02-14 18:45 - 2016-02-14 18:45 - 00271808 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2016-02-14 18:40 - 2016-02-14 18:40 - 00000385 _____ C:\Users\Owner\AppData\Roaminguser_gensett.xml
    2016-02-14 18:39 - 2016-02-14 18:39 - 00431656 _____ C:\ProgramData\1455492953.bdinstall.bin
    2016-02-14 18:39 - 2016-02-14 18:39 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2016-02-14 18:39 - 2016-02-14 18:39 - 00002270 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000785 _____ C:\bdlog.txt
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2016-02-14 18:39 - 2016-02-14 18:39 - 00000000 ____D C:\ProgramData\BDLogging
    2016-02-14 18:39 - 2013-09-08 19:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2016-02-14 18:39 - 2009-07-14 12:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
    2016-02-14 18:39 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2016-02-14 18:38 - 2016-02-14 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Bitdefender
    2016-02-14 18:38 - 2016-01-22 08:12 - 00806344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2016-02-14 18:38 - 2016-01-22 08:11 - 01622512 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2016-02-14 18:38 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2016-02-14 18:37 - 2016-02-14 18:46 - 00000000 ____D C:\ProgramData\Bitdefender
    2016-02-14 18:37 - 2016-02-14 18:37 - 00000000 ____D C:\Program Files\Bitdefender
    2016-02-14 18:37 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-02-14 18:37 - 2015-04-29 13:32 - 00160032 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2016-02-14 18:35 - 2016-02-14 18:37 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2016-02-14 18:35 - 2016-02-14 18:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
    2016-02-14 18:32 - 2016-02-14 21:01 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-02-14 18:32 - 2016-02-14 18:32 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2016-02-14 18:32 - 2016-02-14 18:32 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2016-02-14 18:31 - 2016-02-14 18:32 - 09736920 _____ C:\Users\Owner\Downloads\bitdefender_windows_10e3f9de-f735-4a1c-b04a-82f170b8eee9.exe
    2016-02-14 17:02 - 2016-02-14 21:33 - 00015177 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-02-14 17:02 - 2016-02-14 17:03 - 00037180 _____ C:\Users\Owner\Downloads\Addition.txt
    2016-02-14 17:01 - 2016-02-14 21:29 - 00000000 ____D C:\FRST
    2016-02-14 17:01 - 2016-02-14 21:23 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2016-02-14 17:01 - 2016-02-14 17:01 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
    2016-02-14 13:41 - 2016-02-14 13:41 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (3).exe
    2016-02-14 13:29 - 2016-02-14 13:30 - 00255928 _____ C:\TDSSKiller.3.1.0.9_14.02.2016_13.29.15_log.txt
    2016-02-14 13:28 - 2016-02-14 13:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
    2016-02-14 13:27 - 2016-02-14 13:27 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (2).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (1).exe
    2016-02-14 13:24 - 2016-02-14 13:24 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT (1).exe
    2016-02-14 13:23 - 2016-02-14 13:23 - 00000683 _____ C:\Users\Owner\Desktop\JRT.txt
    2016-02-14 13:22 - 2016-02-14 13:35 - 05657023 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
    2016-02-14 13:22 - 2016-02-14 13:22 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
    2016-02-14 13:09 - 2016-02-14 13:09 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-02-14 13:08 - 2016-02-14 13:08 - 20943432 _____ C:\Users\Owner\Downloads\RogueKiller.exe
    2016-02-14 13:08 - 2016-02-14 13:08 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-14 13:06 - 2016-02-14 13:32 - 01508352 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2016-02-14 12:48 - 2016-02-14 12:48 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
    2016-02-14 12:48 - 2016-02-14 12:48 - 00002930 _____ C:\Users\Owner\Desktop\Rkill.txt
    2016-02-14 12:44 - 2016-02-14 13:32 - 00000000 ____D C:\AdwCleaner
    2016-02-14 12:43 - 2016-02-14 12:43 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
    2016-02-14 12:42 - 2016-02-14 12:49 - 01721344 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2016-02-14 12:38 - 2016-02-14 12:49 - 01508352 _____ C:\Users\Owner\Downloads\adwcleaner_5.033.exe
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
    2016-02-12 14:14 - 2016-02-12 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-02-09 14:29 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 14:29 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 14:29 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 14:29 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 14:29 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 14:29 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 14:29 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 14:29 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 14:29 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 14:29 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 14:29 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 14:29 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 14:29 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 14:29 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 14:29 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 14:29 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 14:29 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 14:29 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 14:29 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 14:29 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 14:29 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 14:29 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 14:29 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 14:29 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 14:29 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 14:29 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 14:29 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 14:29 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 14:29 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 14:29 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 14:29 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 14:29 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 14:29 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 14:29 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 14:29 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 14:29 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-08 15:31 - 2016-02-08 19:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-02-08 15:31 - 2016-02-08 15:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit AgentInformation
     
  17. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    2016-02-08 15:30 - 2016-02-08 15:30 - 00000000 ____D C:\Program Files (x86)\Foxit Software
    2016-02-08 15:28 - 2016-02-08 15:29 - 43048592 _____ (Foxit Software Inc. ) C:\Users\Owner\Downloads\FoxitReader73_enu_Setup_Prom.exe
    2016-02-08 15:19 - 2016-02-08 15:21 - 295249739 _____ C:\Users\Owner\Downloads\CB10h-Edition.pdf
    2016-02-08 15:14 - 2016-02-08 15:14 - 01992496 _____ C:\Users\Owner\Downloads\winrar-x64-531.exe
    2016-02-08 15:08 - 2016-02-08 15:08 - 00000197 _____ C:\Users\Owner\Downloads\aazea.com_0321775651.rar
    2016-02-05 00:23 - 2016-02-05 00:23 - 00003336 _____ C:\WINDOWS\System32\Tasks\{09059723-20CA-40B3-9C08-D8667C90FB5A}
    2016-02-02 15:02 - 2016-02-02 15:09 - 00001834 _____ C:\Users\Public\Desktop\ÁúÖ®¹È.lnk
    2016-02-02 14:24 - 2016-02-02 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÓÎÏ·
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\盛大游戏
    2016-02-02 14:22 - 2016-02-02 14:22 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÓÎÏ·
    2016-02-02 12:11 - 2016-02-02 14:58 - 00000000 ____D C:\lzg251
    2016-02-02 12:11 - 2016-02-02 12:11 - 00000000 ____D C:\ProgramData\SNDA
    2016-02-02 12:10 - 2016-02-02 12:11 - 03450376 _____ (盛大游戏) C:\Users\Owner\Downloads\dragonnest.251_download.exe
    2016-02-02 12:07 - 2016-02-02 12:07 - 00000000 ____D C:\Users\Owner\Documents\DragonNest
    2016-02-01 22:56 - 2016-02-01 22:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2016-02-01 21:51 - 2016-02-01 22:39 - 00104634 _____ C:\ZipSetupLog.txt
    2016-02-01 21:51 - 2016-02-01 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ê¢´óÍøÂç
    2016-02-01 21:51 - 2016-02-01 21:51 - 00000000 ____D C:\Program Files (x86)\Ê¢´óÍøÂç
    2016-02-01 17:02 - 2016-02-01 19:44 - 00000027 _____ C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:38 - 00000000 ____D C:\Gamedownloader
    2016-02-01 16:32 - 2016-02-02 14:08 - 00000059 _____ C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-01 16:32 - 2016-02-01 16:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\lzg1024_setup
    2016-02-01 16:23 - 2016-02-02 14:38 - 03733896 _____ (ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Owner\Downloads\lzg1024_setup.exe
    2016-01-29 23:56 - 2016-01-29 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2016-01-29 21:48 - 2016-02-14 19:21 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2016-01-29 21:43 - 2016-01-29 21:43 - 00003336 _____ C:\WINDOWS\System32\Tasks\{735EF87E-9250-4026-953E-D5F27030B7F1}
    2016-01-29 19:13 - 2016-01-29 19:13 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-01-29 19:13 - 2016-01-29 19:13 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-29 19:12 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-01-29 19:12 - 2016-01-29 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-01-29 19:12 - 2016-01-22 21:54 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-01-29 19:12 - 2016-01-22 21:54 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01859936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-01-29 19:12 - 2016-01-22 21:53 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-01-29 19:12 - 2016-01-22 19:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-01-29 19:11 - 2016-02-14 19:00 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-29 19:11 - 2016-01-29 19:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-29 19:11 - 2016-01-22 20:01 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-01-29 19:11 - 2016-01-22 20:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00123448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-01-29 19:11 - 2016-01-21 21:06 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-01-29 19:10 - 2016-01-25 12:34 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2016-01-29 19:10 - 2016-01-22 22:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2016-01-29 19:10 - 2016-01-22 22:31 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
    2016-01-29 19:10 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
    2016-01-29 19:10 - 2015-12-18 01:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
    2016-01-29 19:10 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-01-29 19:08 - 2016-01-29 19:08 - 00000000 ____D C:\NVIDIA
    2016-01-29 19:07 - 2016-01-29 19:08 - 122461596 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql (1).exe.hj3lkj7.partial
    2016-01-28 15:46 - 2016-01-28 15:46 - 00000000 ____D C:\Users\Owner\Documents\League of Legends
    2016-01-28 12:00 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 12:00 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 11:59 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 11:59 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 11:59 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 11:59 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 11:59 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 11:59 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 11:59 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 11:59 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 11:59 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 11:59 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 11:59 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 11:59 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 11:59 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 11:59 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 11:59 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 11:59 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 11:59 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 11:59 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 11:59 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 11:59 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 11:59 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 11:59 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 11:59 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 11:59 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 11:59 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 11:59 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 11:59 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 11:59 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 11:59 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 11:59 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 11:59 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 11:59 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 11:59 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 11:59 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 11:59 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 11:59 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 11:59 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 11:59 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-28 00:38 - 2016-01-29 19:08 - 389921688 _____ (NVIDIA Corporation) C:\Users\Owner\Downloads\361.75-notebook-win10-64bit-international-whql.exe
    2016-01-22 21:44 - 2016-01-22 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2016-01-22 21:36 - 2016-01-22 21:42 - 27864920 _____ (Riot Games) C:\Users\Owner\Downloads\LeagueofLegends_NA_Installer_9_15_2014 (1).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-14 20:09 - 2016-01-10 11:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-14 19:06 - 2015-11-16 23:47 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-14 19:06 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-14 19:01 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Local\NexonLauncher
    2016-02-14 19:01 - 2015-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-02-14 19:01 - 2015-11-16 22:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
    2016-02-14 19:00 - 2015-12-07 10:17 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-14 19:00 - 2015-11-16 21:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-14 19:00 - 2015-11-16 21:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-14 19:00 - 2015-11-16 20:59 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
    2016-02-14 19:00 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-14 18:39 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-14 17:35 - 2015-12-23 11:16 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E9C8FB6-6FFC-4CC2-94CB-F2E4A93C6C03}
    2016-02-13 12:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-12 14:14 - 2015-11-16 22:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\ProgramData\Lenovo
    2016-02-12 14:14 - 2015-11-16 22:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-02-12 12:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-12 11:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-10 22:54 - 2016-01-02 21:13 - 00000000 ____D C:\Users\Owner\Downloads\PopcornTime
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-10 16:29 - 2015-12-07 10:18 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-10 02:09 - 2015-11-16 21:54 - 00000000 ____D C:\Users\Owner
    2016-02-09 21:11 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-09 21:10 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-09 15:09 - 2015-11-16 21:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-09 15:07 - 2015-11-16 21:00 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-09 15:07 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-08 15:14 - 2015-11-16 22:49 - 00000000 ____D C:\Program Files\WinRAR
    2016-02-05 13:57 - 2015-11-16 20:52 - 00002363 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-05 13:57 - 2015-11-16 20:52 - 00000000 ___RD C:\Users\Owner\OneDrive
    2016-02-05 00:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-04 16:32 - 2015-12-16 16:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NexonLauncher
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 20:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2016-02-02 14:07 - 2015-12-16 14:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Steam
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 18:23 - 2015-12-07 10:17 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-01 18:23 - 2015-12-07 10:17 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-29 23:30 - 2015-12-16 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-29 19:13 - 2015-11-16 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
    2016-01-29 19:12 - 2015-11-16 21:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-29 19:12 - 2015-11-16 20:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-29 19:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-29 16:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-22 21:49 - 2015-12-07 10:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Riot Games
    2016-01-17 19:13 - 2016-01-06 14:24 - 00000000 ____D C:\Users\Owner\Documents\My Games
    2016-01-17 19:13 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Package Cache

    ==================== Files in the root of some directories =======

    2016-02-01 17:02 - 2016-02-01 19:44 - 0000027 _____ () C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:08 - 0000059 _____ () C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-14 18:39 - 2016-02-14 18:39 - 0431656 _____ () C:\ProgramData\1455492953.bdinstall.bin
    2015-11-16 21:53 - 2015-11-16 21:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Owner\AppData\Local\Temp\netease-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\ntes-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStereoApiI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-06 22:13

    ==================== End of FRST.txt ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You posted FRST.txt log twice.
    I still need Addition.txt log.
     
  19. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Its only giving me frst.txt how do I get addition.txt
     
  20. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Dditional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by Owner (2016-02-15 12:20:17)
    Running from C:\Users\Owner\Downloads
    Windows 10 Pro (X64) (2015-11-17 02:56:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3197005435-3639198766-659270671-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3197005435-3639198766-659270671-503 - Limited - Disabled)
    Guest (S-1-5-21-3197005435-3639198766-659270671-501 - Limited - Disabled)
    Owner (S-1-5-21-3197005435-3639198766-659270671-1001 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ÁúÖ®¹È (HKLM-x32\...\DragonNest) (Version: 2.0.8.251 - SHANDAGAMES)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
    Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.25.1378 - Bitdefender)
    CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.2.0.13 - Lenovo)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    ÍøÒ×-ÌìÚÍ (HKLM-x32\...\tianyu) (Version: 1.0.130 - ÍøÒ×£¨º¼ÖÝ£©ÍøÂçÓÐÏÞ¹«Ë¾)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Lenovo BatteryGauge (HKLM\...\{B8D3ED8D-A295-44C2-8AE1-56823D44AD1F}) (Version: 1.0.017.00 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3197005435-3639198766-659270671-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.0.0 - Lenovo)
    Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
    LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3197005435-3639198766-659270671-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2E260F9A-33F5-410C-9462-2D02AC96725B} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [2016-02-01] (Bitdefender)
    Task: {2F25D1D9-0448-428B-B454-17CF4E1FD628} - System32\Tasks\{09B16D9D-082B-4636-A5E2-BF03E6FD480B} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
    Task: {60E97DA1-2642-4D19-A7D8-1656A77C3B0F} - System32\Tasks\{09059723-20CA-40B3-9C08-D8667C90FB5A} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {7BE9D574-5497-4FDF-9AD5-5A9F29F5875F} - System32\Tasks\{735EF87E-9250-4026-953E-D5F27030B7F1} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
    Task: {837E182B-4407-4868-909A-4FD5389BF324} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
    Task: {8FBB7972-4AE1-4E8F-A608-0034F897C555} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
    Task: {A44838B7-2B2A-48E0-BBCC-A1484FADC0A2} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3197005435-3639198766-659270671-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {A5E7CA59-FC52-4616-989A-2F86FDAC0908} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-07] (Google Inc.)
    Task: {BB2903F6-EDDD-42B1-B9EC-84694C40AC28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-07] (Google Inc.)
    Task: {E5AE8CB9-73CB-4158-9499-1515BE4F320E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
    Task: {F947A237-880C-4D88-9807-B7FC4523AE08} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-29 19:11 - 2016-01-22 20:01 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-01-29 19:12 - 2016-01-22 21:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-07 10:25 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-22 13:21 - 2016-01-22 13:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-11-16 20:59 - 2015-11-16 20:59 - 00405416 _____ () C:\WINDOWS\system32\igfxTray.exe
    2015-12-17 23:48 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-17 23:48 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-17 23:48 - 2015-12-06 23:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2015-11-16 22:52 - 2015-11-16 22:52 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2015-11-16 22:52 - 2015-11-16 22:52 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2016-02-14 18:38 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
    2016-02-14 18:39 - 2016-01-25 19:51 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
    2016-02-14 18:39 - 2016-01-25 19:51 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
    2016-02-14 18:39 - 2016-01-25 19:51 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
    2016-02-14 18:39 - 2016-01-25 19:51 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
    2016-02-14 18:38 - 2016-01-29 19:11 - 00519000 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\intermsec.dll
    2016-02-14 18:39 - 2015-12-15 19:21 - 00159232 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\ui\ltr\intermsec.ui
    2016-02-14 18:39 - 2016-02-02 19:48 - 00030208 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\lang\en-US\intermsec.txtui
    2016-02-14 18:39 - 2016-02-02 19:47 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\lang\en-US\bdaphconp.txtui
    2016-02-14 18:38 - 2016-01-14 18:35 - 00061392 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bddpsp.dll
    2016-01-13 00:29 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-13 00:29 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 11:59 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 11:59 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-13 00:29 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-10-30 02:18 - 2015-10-30 02:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    2015-11-16 20:55 - 2015-11-16 20:55 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    2016-02-10 14:58 - 2016-02-10 14:58 - 02364928 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.10\deploy\LoLLauncher.exe
    2016-02-10 14:58 - 2016-02-10 14:58 - 04287488 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\LoLPatcher.exe
    2016-01-22 22:35 - 2016-01-22 22:35 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\LolClient.exe
    2016-01-22 13:21 - 2016-01-22 13:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-22 13:21 - 2016-01-22 13:21 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-01-29 19:12 - 2016-01-22 21:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-16 14:23 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-12-16 14:23 - 2016-02-04 16:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-12-16 14:23 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-12-16 14:23 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-12-16 14:23 - 2016-02-04 16:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-12-16 14:23 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2015-12-16 14:23 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-12-16 16:54 - 2015-12-12 19:02 - 00044544 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_socket.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00899584 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ssl.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00087552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_ctypes.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00358400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_hashlib.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00100352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32api.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00110080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\pywintypes27.dll
    2015-12-16 16:54 - 2015-12-12 19:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\select.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00036864 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32process.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00485888 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libsodium.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00516096 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\libzmq.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00038400 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\constants.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00014336 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\error.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00046080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\message.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00032256 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\context.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00073216 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\socket.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00023552 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\utils.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00029696 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_poll.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00012800 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_version.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00025088 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\backend\cython\_device.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00027136 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_multiprocessing.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\zmq\devices\monitoredqueue.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00036352 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\_psutil_mswindows.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00167936 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\win32gui.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00009728 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Random\OSRNG\winrandom.pyd
    2015-12-16 16:53 - 2015-12-12 19:02 - 00010240 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Util\_counter.pyd
    2015-12-16 16:54 - 2015-12-12 19:02 - 00029184 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\lib\Crypto\Cipher\_AES.pyd
    2015-12-16 16:54 - 2015-11-19 15:03 - 00160768 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\tray\mxwin.pyd
    2015-12-16 16:53 - 2015-11-19 15:03 - 00031232 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\modules\tray\Nexon.Mantis.Client.Resources.dll
    2015-12-16 16:53 - 2015-12-12 19:02 - 00686080 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\unicodedata.pyd
    2015-11-16 22:56 - 2015-02-12 16:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
    2016-02-10 14:58 - 2016-02-10 14:58 - 01458176 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.50\deploy\RiotLauncher.dll
    2016-01-22 22:22 - 2016-01-22 22:22 - 04885152 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
    2016-01-22 22:22 - 2016-01-22 22:22 - 17414304 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Owner\Downloads\adwcleaner_5.033 (1).exe:BDU
    AlternateDataStreams: C:\Users\Owner\Downloads\FRST64 (2).exe:BDU

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-30 17:42 - 2016-02-15 11:42 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3197005435-3639198766-659270671-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Downloads\cherry_blossom_tunnel.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [TCP Query User{9EEDA7EA-FB82-463B-9ABF-F480F9DEE9ED}C:\users\owner\downloads\tianyu_dl_0730.exe] => (Allow) C:\users\owner\downloads\tianyu_dl_0730.exe
    FirewallRules: [UDP Query User{5ACFB03D-B664-429F-A831-9BBFB56B75A9}C:\users\owner\downloads\tianyu_dl_0730.exe] => (Allow) C:\users\owner\downloads\tianyu_dl_0730.exe
    FirewallRules: [TCP Query User{37AAE1B4-79B5-4290-AFBE-F878C83F7C0D}C:\users\owner\appdata\local\temp\netease-tianyu.exe] => (Allow) C:\users\owner\appdata\local\temp\netease-tianyu.exe
    FirewallRules: [UDP Query User{A1B1765D-B21C-4D2B-9BDB-292807D10504}C:\users\owner\appdata\local\temp\netease-tianyu.exe] => (Allow) C:\users\owner\appdata\local\temp\netease-tianyu.exe
    FirewallRules: [TCP Query User{A53C1BDC-47C8-42F7-B368-A1CA6CA28F4B}C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe
    FirewallRules: [UDP Query User{EA7A4CFE-45A7-434B-AD6D-1E60CBB86430}C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\pgloader.exe
    FirewallRules: [TCP Query User{F95E48A8-C2A8-4612-BCC8-28C4E214F543}C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe
    FirewallRules: [UDP Query User{07C15253-EE24-4E14-A1AB-6484FF9B90B0}C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe] => (Allow) C:\users\owner\appdata\local\temp\pg_download_temp_file\p2pupdater.exe
    FirewallRules: [TCP Query User{69DC82E0-0D37-46FF-BC73-D8EFD959BD11}C:\program files (x86)\netease\ty\game\tianyu.exe] => (Allow) C:\program files (x86)\netease\ty\game\tianyu.exe
    FirewallRules: [UDP Query User{B741CC80-62DC-42AC-80B6-849E6D0598E2}C:\program files (x86)\netease\ty\game\tianyu.exe] => (Allow) C:\program files (x86)\netease\ty\game\tianyu.exe
    FirewallRules: [{8D3069F9-E5E5-42FE-9912-5080374280FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3D127AE5-DB40-4F3C-B8FD-72F41B152B49}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{17E98202-4072-4D11-A68A-65CC24C94AA6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1FB7C382-110D-4A1F-9031-BFB14D62128E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{C34E3C2C-FB8F-4E19-9319-3D6A730F0135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{FE2E09D4-6E18-4221-88A5-E57848868996}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{D0225C20-E3C6-469A-8069-A3322FAD312A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{7E3E8AD8-066E-4AA6-9348-DD339D8AD291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{5B0DF0BE-E379-4234-A9EE-DDE260C27BFF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{5A276C42-5110-4373-8B0A-B53338083020}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{29038CB8-4361-4E1A-A5D5-9A8BEE316427}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{BD922299-EA3C-4E11-97AB-D3DD9CFE2F73}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{C54371B0-A77B-4977-82AE-F86C3C833BE6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{4301086A-0880-4783-B4A0-8D74D1F1ED32}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{C670E80B-C297-4217-BC31-FD4B83D42855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{9310A6DB-4E7B-4230-ACD0-8984CC26466B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{F3DE407D-E6C7-47D0-9F02-2DE64D0DC504}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{2AF0B00D-C9A1-4C26-90BB-6F9573279FC0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{5AEB6F71-F773-4FFD-BBE1-8651A9B9289D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{41FF28EC-7F02-420C-8385-927452B44D8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A5A7E3C1-EDA0-4C27-B3F3-2BC8FD6A419A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{2EDDB6A6-AC67-4967-9E80-B44BA42758BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{281AB3DF-B434-40EB-8A7E-41B34A5422AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{A91394E6-BF53-4436-9973-A566ED83E162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{66F91DB2-0693-4144-A44D-470C6848EAD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
    FirewallRules: [{29EF3BF2-B55F-45E6-B0DF-E3B5DB76B26C}] => (Allow) C:\Users\Owner\Downloads\lzg1024_setup.exe
    FirewallRules: [{8D4534D1-C702-431D-B2F5-B39B1703CA8A}] => (Allow) C:\Users\Owner\Downloads\lzg1024_setup.exe
    FirewallRules: [TCP Query User{94341CC4-F3D9-4830-93A3-BCFD2990511B}C:\users\owner\downloads\dragonnest.251_download.exe] => (Allow) C:\users\owner\downloads\dragonnest.251_download.exe
    FirewallRules: [UDP Query User{8D036A37-0F6C-4E28-889A-92FE15AC9DF1}C:\users\owner\downloads\dragonnest.251_download.exe] => (Allow) C:\users\owner\downloads\dragonnest.251_download.exe
    FirewallRules: [{7946DA7C-E153-442A-AD68-EDA3CF4B2A24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{221CCADE-293B-46F8-8776-1E49DBAB9FB6}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
    FirewallRules: [{303C9904-D45A-4C2C-A941-02F6CCDFE589}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

    ==================== Restore Points =========================

    28-01-2016 20:26:32 Windows Update
    06-02-2016 12:24:51 Scheduled Checkpoint
    09-02-2016 15:06:21 Windows Update
    14-02-2016 13:22:45 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2016 11:48:10 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

    Error: (02/15/2016 11:48:10 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (02/14/2016 07:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x2398
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/14/2016 07:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: vsserv.exe, version: 20.0.25.1375, time stamp: 0x56af6256
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000374
    Fault offset: 0x00000000000ee71c
    Faulting process id: 0x45c
    Faulting application start time: 0xvsserv.exe0
    Faulting application path: vsserv.exe1
    Faulting module path: vsserv.exe2
    Report Id: vsserv.exe3
    Faulting package full name: vsserv.exe4
    Faulting package-relative application ID: vsserv.exe5

    Error: (02/14/2016 06:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: vsserv.exe, version: 20.0.25.1375, time stamp: 0x56af6256
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000374
    Fault offset: 0x00000000000ee71c
    Faulting process id: 0xcbc
    Faulting application start time: 0xvsserv.exe0
    Faulting application path: vsserv.exe1
    Faulting module path: vsserv.exe2
    Report Id: vsserv.exe3
    Faulting package full name: vsserv.exe4
    Faulting package-relative application ID: vsserv.exe5

    Error: (02/14/2016 05:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
    Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
    Exception code: 0xc0000005
    Fault offset: 0x0000000000151c3a
    Faulting process id: 0x1f00
    Faulting application start time: 0xmicrosoftedgecp.exe0
    Faulting application path: microsoftedgecp.exe1
    Faulting module path: microsoftedgecp.exe2
    Report Id: microsoftedgecp.exe3
    Faulting package full name: microsoftedgecp.exe4
    Faulting package-relative application ID: microsoftedgecp.exe5

    Error: (02/14/2016 01:22:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
    Exception code: 0xc0000005
    Fault offset: 0x00000000000780cd
    Faulting process id: 0x1144
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5

    Error: (02/14/2016 01:22:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/14/2016 12:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.103, time stamp: 0x56a84dc4
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
    Exception code: 0xc0000005
    Fault offset: 0x00000000000780cd
    Faulting process id: 0x17cc
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5

    Error: (02/13/2016 11:33:35 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    System errors:
    =============
    Error: (02/15/2016 10:42:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/15/2016 02:30:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 11:13:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 10:07:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 07:14:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/14/2016 07:00:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VMOPO8L)
    Description: {0002DF02-0000-0000-C000-000000000046}

    Error: (02/14/2016 07:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_39abf service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/14/2016 07:00:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/14/2016 06:58:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/14/2016 04:05:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


    CodeIntegrity:
    ===================================
    Date: 2016-02-13 23:33:31.590
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-12 12:04:00.450
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-10 02:11:38.331
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-09 22:13:14.071
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-09 21:11:17.296
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 11:07:16.458
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-05 12:15:35.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-03 22:48:02.526
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-30 10:41:39.774
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-29 16:40:03.637
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
    Percentage of memory in use: 54%
    Total physical RAM: 8104.27 MB
    Available physical RAM: 3666.96 MB
    Total Virtual: 10024.27 MB
    Available Virtual: 5518.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.92 GB) (Free:121.54 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: D7916CC8)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  22. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Running from C:\Users\Owner\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    2016-02-01 17:02 - 2016-02-01 19:44 - 0000027 _____ () C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini
    2016-02-01 16:32 - 2016-02-02 14:08 - 0000059 _____ () C:\Users\Owner\AppData\Roaming\xlgdlapp.ini
    2016-02-14 18:39 - 2016-02-14 18:39 - 0431656 _____ () C:\ProgramData\1455492953.bdinstall.bin
    2015-11-16 21:53 - 2015-11-16 21:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Owner\AppData\Local\Temp\netease-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\ntes-tianyu.exe
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStereoApiI64.dll
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
    AlternateDataStreams: C:\Users\Owner\Downloads\adwcleaner_5.033 (1).exe:BDU
    AlternateDataStreams: C:\Users\Owner\Downloads\FRST64 (2).exe:BDU

    *****************

    C:\Users\Owner\AppData\Roaming\xlaccolsetupstatus.ini => moved successfully
    C:\Users\Owner\AppData\Roaming\xlgdlapp.ini => moved successfully
    C:\ProgramData\1455492953.bdinstall.bin => moved successfully
    Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
    C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Owner\AppData\Local\Temp\netease-tianyu.exe => moved successfully
    C:\Users\Owner\AppData\Local\Temp\ntes-tianyu.exe => moved successfully
    C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
    C:\Users\Owner\AppData\Local\Temp\nvStereoApiI64.dll => moved successfully
    C:\Users\Owner\AppData\Local\Temp\nvStInst.exe => moved successfully
    C:\Users\Owner\Downloads\adwcleaner_5.033 (1).exe => ":BDU" ADS removed successfully.
    C:\Users\Owner\Downloads\FRST64 (2).exe => ":BDU" ADS removed successfully.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-15 22:14:32)

    C:\ProgramData\DP45977C.lfl => Is moved successfully

    ==== End of Fixlog 22:14:32 ====
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  24. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (48.0.2564.103)
    Google Chrome (48.0.2564.109)
    ````````Process Check: objlist.exe by Laurent````````
    Bitdefender Bitdefender 2016 vsserv.exe
    Bitdefender Bitdefender 2016 updatesrv.exe
    Bitdefender Agent ProductAgentService.exe
    Bitdefender Bitdefender 2016 bdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  25. MalwareMagnet

    MalwareMagnet TS Enthusiast Topic Starter Posts: 44

    • Farbar Service Scanner Version: 27-01-2016
      Ran by Owner (administrator) on 15-02-2016 at 23:29:09
      Running from "C:\Users\Owner\Downloads"
      Microsoft Windows 10 Pro (X64)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Attempt to access Google IP returned error. Google IP is unreachable
      Google.com is accessible.
      Yahoo.com is accessible.


      Other Services:
      ==============


      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => File is digitally signed
      C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
      C:\Windows\System32\drivers\afd.sys => File is digitally signed
      C:\Windows\System32\drivers\tdx.sys => File is digitally signed
      C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
      C:\Windows\System32\dnsrslvr.dll => File is digitally signed
      C:\Windows\System32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\System32\svchost.exe => File is digitally signed
      C:\Windows\System32\rpcss.dll => File is digitally signed


      **** End of log ****
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...