-
I will look into running a disk check. In terms of malware, nothing is out of the ordinary at this point in time.
-
Ran the TFC cleaner and reset all the browser settings. No problems with any browsers to be reported. Although I had the computer run Windows Updates after restart and Windows Update failed to complete the updates.
-
Here is the ComboFix log, attached. ComboFix.txt
-
Here you go. FRST.txt Addition.txt
-
JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Jordan (Administrator) on Sat 10/29/2016 at 15:51:21.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 25

Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GXTVZSI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F0RKGIV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJ4FSUF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P13BX1O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ON7X23GU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONH9U4ZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QT66MXIX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5LNZP8S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GXTVZSI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F0RKGIV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FJ4FSUF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P13BX1O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ON7X23GU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONH9U4ZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QT66MXIX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5LNZP8S (Temporary Internet Files Folder)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/29/2016 at 15:54:31.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

# AdwCleaner v6.030 - Logfile created 29/10/2016 at 16:01:43
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jordan - JORDAN-PC
# Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\Software\Enigma Protector
[#] Key deleted on reboot: HKCU\Software\Enigma Protector
[#] Key deleted on reboot: [x64] HKCU\Software\Enigma Protector

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [983 Bytes] - [29/10/2016 16:01:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [1306 Bytes] - [29/10/2016 16:01:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1128 Bytes] ##########

Sophos Virus Removal Tool found no threats. However, I had to disable my Kaspersky because it detected the installation file as malware. Here is the Kaspersky log containing the details of the threat detection:

29.10.2016 16.06.27 Detected object (file) deleted C:\Users\Jordan\Desktop\Unconfirmed 848200.crdownload
File: C:\Users\Jordan\Desktop\Unconfirmed 848200.crdownload
Object name: Packed.NSIS.FileMonster.gen
Object type: Trojan program
Time: 10/29/2016 4:06 PM

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2016
Ran by Jordan (administrator) on JORDAN-PC (29-10-2016 19:11:52)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(IDT, Inc.)
C:\Program Files\IDT\WDM\stacsv64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-26] (IDT, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-20] (Hewlett-Packard ) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110008 2016-01-28] (CyberLink) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1483888 2016-10-23] (Spotify Ltd) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [3065272 2016-01-28] (CyberLink Corp.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F5CDA2E0-CF64-4564-B668-F23236FE717D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation) Toolbar: HKLM - Kaspersky Protection Toolbar - 
{093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-23] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-23] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-23] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-23] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\mgjuscpf.default [2016-10-29] FF Extension: (All Aboard) - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\mgjuscpf.default\Extensions\@all-aboard-v1-2 [2016-10-03] FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28] FF 
HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-03] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) Chrome: ======= CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default [2016-10-29] CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-03] CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-03] CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-03] CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-03] CHR Extension: (Adblock Plus) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-03] CHR Extension: (Kaspersky Protection) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-03] CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-03] CHR Extension: (AdBlock) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-23] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-10-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-03] CHR Extension: (Gmail) - 
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-03] CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-23] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 CLVirtualBus01; C:\Windows\System32\DRIVERS\CLVirtualBus01.sys [95496 2014-11-05] (CyberLink) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-10-03] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-10-03] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-10-03] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab) R1 Klwtp; 
C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-10-03] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-29] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-08-04] (NVIDIA Corporation) R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-10-29 19:11 - 2016-10-29 19:12 - 00017313 _____ C:\Users\Jordan\Desktop\FRST.txt 2016-10-29 19:11 - 2016-10-29 19:11 - 02408448 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe 2016-10-29 19:11 - 2016-10-29 19:11 - 00000000 ____D C:\FRST 2016-10-29 18:15 - 2016-10-29 18:16 - 01239752 _____ (Microsoft Corporation) C:\Users\Jordan\Downloads\wlsetup-web.exe 2016-10-29 16:17 - 2016-10-29 16:17 - 00000263 _____ C:\Users\Jordan\Documents\kasperskydetect.txt 2016-10-29 16:10 - 2016-10-29 16:10 - 00000000 ____D C:\ProgramData\Sophos 2016-10-29 16:09 - 2016-10-29 16:09 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-10-29 16:09 - 2016-10-29 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-10-29 16:09 - 2016-10-29 16:09 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-10-29 16:07 - 2016-10-29 16:07 - 155779048 _____ (Sophos Limited) C:\Users\Jordan\Desktop\Sophos Virus Removal Tool.exe 2016-10-29 16:00 - 2016-10-29 16:01 - 00000000 ____D C:\AdwCleaner 2016-10-29 15:59 - 2016-10-29 15:59 - 03910208 _____ C:\Users\Jordan\Desktop\AdwCleaner.exe 2016-10-29 15:54 - 2016-10-29 15:54 - 00005180 _____ C:\Users\Jordan\Desktop\JRT.txt 2016-10-29 15:51 - 2016-10-29 15:51 - 01631928 _____ (Malwarebytes) C:\Users\Jordan\Desktop\JRT.exe 2016-10-29 15:50 - 2016-10-29 15:50 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\NVIDIA 2016-10-23 13:38 - 2016-10-23 13:38 - 00000000 ____D C:\fd13ef3f579df7ebfd39b4fa1723 2016-10-16 17:43 - 2016-10-16 17:43 - 12270846 _____ C:\Users\Jordan\Downloads\ethiopian777200lr.zip 2016-10-16 17:43 - 2016-10-16 17:43 - 00000000 ____D C:\Users\Jordan\Downloads\ethiopian777200lr 2016-10-16 16:42 - 2016-10-29 15:49 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\CyberLink 2016-10-16 16:42 - 2016-10-16 16:42 - 00000000 ____D C:\Users\Jordan\AppData\Local\Power2Go10 2016-10-16 16:41 - 2016-10-16 16:41 - 00002205 _____ C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk 2016-10-16 16:41 - 
2016-10-16 16:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2 2016-10-16 16:41 - 2016-10-16 16:41 - 00000000 ____D C:\Users\Public\Documents\CyberLink 2016-10-16 16:41 - 2016-10-16 16:41 - 00000000 ____D C:\Users\Jordan\AppData\Local\CyberLink 2016-10-16 16:40 - 2016-10-16 16:40 - 00002079 _____ C:\Users\Public\Desktop\CyberLink LabelPrint 2.5.lnk 2016-10-16 16:40 - 2016-10-16 16:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint 2.5 2016-10-16 16:40 - 2016-10-16 16:40 - 00000000 ____D C:\ProgramData\Temp 2016-10-16 16:39 - 2016-10-16 16:41 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information 2016-10-16 16:39 - 2016-10-16 16:41 - 00000000 ____D C:\Program Files (x86)\CyberLink 2016-10-16 16:39 - 2016-10-16 16:39 - 00002203 _____ C:\Users\Public\Desktop\CyberLink Power2Go 10.lnk 2016-10-16 16:39 - 2016-10-16 16:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 10 2016-10-16 16:39 - 2016-10-16 16:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_CLVirtualBus01_01009.Wdf 2016-10-16 16:39 - 2014-11-05 05:17 - 00095496 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualBus01.sys 2016-10-16 16:39 - 2009-07-14 02:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2016-10-16 16:38 - 2016-10-16 16:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR 2016-10-16 16:38 - 2016-10-16 16:40 - 00000000 ____D C:\ProgramData\install_clap 2016-10-16 16:37 - 2016-10-16 16:37 - 00000000 ____D C:\Users\Jordan\Downloads\CyberLink Power2Go 2016-10-16 16:36 - 2016-10-16 16:53 - 00000000 ____D C:\ProgramData\CyberLink 2016-10-16 16:36 - 2016-10-16 16:36 - 01089304 _____ (CyberLink) C:\Users\Jordan\Downloads\CyberLink_Power2Go_Downloader.exe 2016-10-15 22:49 - 2016-10-23 22:14 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify 2016-10-15 22:49 - 2016-10-23 22:04 - 00000000 ____D 
C:\Windows\system32\Drivers\nvvad64v.sys 2016-10-03 19:12 - 2016-10-03 19:12 - 00008192 __RSH C:\BOOTSECT.BAK 2016-10-03 19:12 - 2016-10-03 17:10 - 00000000 ____D C:\Windows\Panther 2016-10-03 19:12 - 2010-11-20 23:23 - 00383786 __RSH C:\bootmgr 2016-10-03 18:31 - 2016-10-29 16:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-10-03 18:31 - 2016-10-03 18:31 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-10-03 18:31 - 2016-10-03 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-10-03 18:31 - 2016-10-03 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-10-03 18:31 - 2016-10-03 18:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-10-03 18:31 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-10-03 18:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-10-03 18:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-10-03 18:15 - 2016-10-03 18:15 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-10-03 18:15 - 2016-10-03 18:15 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-10-03 18:14 - 2016-10-03 18:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2016-10-03 18:05 - 2016-10-03 18:05 - 22851472 _____ (Malwarebytes ) C:\Users\Jordan\Downloads\mbam-setup-2.2.1.1043.exe 2016-10-03 17:58 - 2016-10-29 16:03 - 00000000 ___RD C:\Users\Jordan\Google Drive 2016-10-03 17:58 - 2016-10-03 17:58 - 00001701 _____ C:\Users\Jordan\Desktop\Google Drive.lnk 2016-10-03 17:57 - 2016-10-03 17:57 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-10-03 17:57 - 2016-10-03 17:57 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-10-03 17:57 - 2016-10-03 
17:57 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-10-03 17:57 - 2016-10-03 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-10-03 17:51 - 2016-10-03 17:51 - 01065376 _____ (Google Inc.) C:\Users\Jordan\Downloads\googledrivesync.exe 2016-10-03 17:50 - 2016-10-03 22:00 - 00000000 ____D C:\Users\Jordan\AppData\Local\Mozilla 2016-10-03 17:50 - 2016-10-03 17:50 - 01065376 _____ (Google Inc.) C:\Users\Jordan\Downloads\GoogleEarthSetup.exe 2016-10-03 17:50 - 2016-10-03 17:50 - 00002144 _____ C:\Users\Public\Desktop\Google Earth.lnk 2016-10-03 17:50 - 2016-10-03 17:50 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Mozilla 2016-10-03 17:50 - 2016-10-03 17:50 - 00000000 ____D C:\Users\Jordan\AppData\LocalLow\Google 2016-10-03 17:50 - 2016-10-03 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-10-03 17:38 - 2016-10-03 17:38 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-10-03 17:38 - 2016-10-03 17:38 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-10-03 17:38 - 2016-10-03 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-10-03 17:38 - 2016-10-03 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-10-03 17:37 - 2016-10-03 17:37 - 46883960 _____ C:\Users\Jordan\Downloads\Firefox Setup 49.0.1.exe 2016-10-03 17:35 - 2016-10-03 17:35 - 00000000 ____D C:\808ea3e4252a262c5f 2016-10-03 17:35 - 2016-10-03 17:35 - 00000000 ____D C:\193e5f0e1348d1da7c96 2016-10-03 17:32 - 2016-10-03 19:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-10-03 17:31 - 2016-10-03 17:31 - 00000000 ____D C:\NVIDIA 2016-10-03 17:27 - 2016-10-29 16:20 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2016-10-03 17:27 - 2016-10-03 17:27 - 00000000 ____D C:\Program Files\Common Files\AV 2016-10-03 17:26 - 2016-10-29 18:27 - 
00000000 ____D C:\ProgramData\Kaspersky Lab 2016-10-03 17:26 - 2016-10-03 17:26 - 00002150 _____ C:\Users\Public\Desktop\Safe Money.lnk 2016-10-03 17:26 - 2016-10-03 17:26 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2016-10-03 17:26 - 2016-10-03 17:26 - 00001374 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk 2016-10-03 17:26 - 2016-10-03 17:26 - 00000000 ____D C:\Windows\ELAMBKUP 2016-10-03 17:26 - 2016-10-03 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection 2016-10-03 17:26 - 2016-10-03 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2016-10-03 17:26 - 2016-10-03 17:26 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2016-10-03 17:26 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2016-10-03 17:25 - 2016-10-03 17:40 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-10-03 17:25 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-10-03 17:23 - 2016-10-03 17:23 - 351102072 _____ (NVIDIA Corporation) C:\Users\Jordan\Downloads\372.90-desktop-win8-win7-64bit-international-whql.exe 2016-10-03 17:22 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-10-03 17:22 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-10-03 17:22 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-10-03 17:22 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-10-03 17:21 - 2016-10-03 17:21 - 177912864 _____ (Kaspersky Lab) C:\Users\Jordan\Downloads\kis17.0.0.611en_10743.exe 2016-10-03 17:21 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-10-03 17:21 - 2014-05-14 12:23 - 00581600 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-10-03 17:21 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-10-03 17:21 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-10-03 17:21 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-10-03 17:21 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-10-03 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-10-03 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-10-03 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-10-03 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-10-03 17:19 - 2016-10-29 18:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-03 17:19 - 2016-10-29 17:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-03 17:19 - 2016-10-23 13:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-03 17:19 - 2016-10-23 13:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-03 17:19 - 2016-10-08 13:45 - 00140752 _____ C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT 2016-10-03 17:19 - 2016-10-03 20:32 - 00000000 ____D C:\Users\Jordan\AppData\Local\Google 2016-10-03 17:19 - 2016-10-03 17:57 - 00000000 ____D C:\Program Files (x86)\Google 2016-10-03 17:19 - 2016-10-03 17:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-10-03 17:19 - 2016-10-03 17:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-10-03 17:19 - 2016-10-03 17:19 - 00000000 ____D C:\Users\Jordan\AppData\Local\Deployment 2016-10-03 17:19 - 2016-10-03 17:19 - 00000000 ____D C:\Users\Jordan\AppData\Local\Apps\2.0 
2016-10-03 17:16 - 2016-10-16 16:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-10-03 17:16 - 2016-10-03 17:16 - 00001661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Beats Audio.lnk 2016-10-03 17:16 - 2016-10-03 17:16 - 00000000 ____D C:\ProgramData\SonicFocus 2016-10-03 17:16 - 2016-10-03 17:16 - 00000000 ____D C:\Program Files\IDT 2016-10-03 17:16 - 2011-01-26 09:52 - 12897792 _____ (IDT, Inc.) C:\Windows\system32\idtcpl64.cpl 2016-10-03 17:16 - 2011-01-26 09:52 - 04637184 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll 2016-10-03 17:16 - 2011-01-26 09:52 - 01499136 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll 2016-10-03 17:16 - 2011-01-26 09:52 - 00835072 _____ (IDT, Inc.) C:\Windows\sttray64.exe 2016-10-03 17:16 - 2011-01-26 09:52 - 00651776 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll 2016-10-03 17:16 - 2011-01-26 09:52 - 00520192 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys 2016-10-03 17:16 - 2011-01-26 09:52 - 00431616 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll 2016-10-03 17:16 - 2011-01-26 09:52 - 00221184 _____ (IDT, Inc.) C:\Windows\system32\HPToneCtrls64.dll 2016-10-03 17:16 - 2011-01-26 09:52 - 00220160 _____ (IDT, Inc.) 
C:\Windows\system32\staco64.dll 2016-10-03 17:16 - 2010-08-12 22:14 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.DLL 2016-10-03 17:16 - 2010-08-12 22:14 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.DLL 2016-10-03 17:16 - 2010-08-12 22:14 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.DLL 2016-10-03 17:16 - 2010-08-12 22:14 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\sfcom.dll 2016-10-03 17:16 - 2010-03-31 22:11 - 00162304 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll 2016-10-03 17:16 - 2009-10-09 08:45 - 00442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll 2016-10-03 17:16 - 2009-03-02 09:58 - 00068608 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll 2016-10-03 17:16 - 2009-03-02 09:47 - 00090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll 2016-10-03 17:12 - 2016-10-03 17:12 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\WinBatch 2016-10-03 17:11 - 2016-10-03 17:11 - 00001447 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-10-03 17:11 - 2016-10-03 17:11 - 00001413 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-10-03 17:10 - 2016-10-07 21:12 - 00000000 ____D C:\Users\Jordan 2016-10-03 17:10 - 2016-10-04 21:39 - 00000000 ____D C:\Users\Jordan\AppData\Local\VirtualStore 2016-10-03 17:10 - 2016-10-03 17:10 - 00000020 ___SH C:\Users\Jordan\ntuser.ini 2016-10-03 17:10 - 2016-10-03 17:10 - 00000000 _SHDL C:\Users\Jordan\My Documents 2016-10-03 17:10 - 2016-10-03 17:10 - 00000000 _SHDL C:\Users\Jordan\Documents\My Videos 2016-10-03 17:10 - 2016-10-03 17:10 - 00000000 _SHDL C:\Users\Jordan\Documents\My Pictures 2016-10-03 17:10 - 2016-10-03 17:10 - 00000000 _SHDL C:\Users\Jordan\Documents\My Music 
2016-10-03 17:10 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 16:38 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-29 16:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-29 16:10 - 2009-07-14 00:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-29 16:10 - 2009-07-14 00:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-29 16:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-24 20:23 - 2009-07-14 01:08 - 00008676 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-10 10:59 - 2009-07-14 00:45 - 00496224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-07 21:05 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-03 20:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-03 19:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-10-03 19:12 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-10-03 18:15 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-03 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-10-03 17:40 - 2016-06-20 17:29 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-10-03 17:40 - 2016-06-02 22:39 - 00126360 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-10-03 17:39 - 2016-06-20 17:51 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-03 17:14 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2016-10-04 21:39 - 2016-10-29 16:23 - 0000813 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-10-04 21:39 - 2016-10-29 19:05 - 0000958 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2016-10-04 21:39 - 2016-10-29 18:15 - 0000786 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-10-04 21:40 - 2016-10-29 16:50 - 0004608 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-04 21:20 - 2016-10-26 23:24 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\libeay32.dll
C:\Users\Jordan\AppData\Local\Temp\msvcr120.dll
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-03 18:12

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Jordan (29-10-2016 19:12:26)
Running from C:\Users\Jordan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-10-03 21:10:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2563237544-1932412345-1817232179-500 - Administrator - Disabled)
Guest (S-1-5-21-2563237544-1932412345-1817232179-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2563237544-1932412345-1817232179-1002 - Limited - Enabled)
Jordan (S-1-5-21-2563237544-1932412345-1817232179-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

777 Captain (777-200) Base Pack [FSX/SE] Update 1.71 FSX-SE (HKLM-x32\...\x772_stm) (Version: 1.71 - © 1999-2016 Captain Sim)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.2522.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.5816.0 - CyberLink Corp.)
FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Soundbounce version 1.0a (HKLM-x32\...\{A1E1F8D8-BEA1-44A0-90DD-ECB5DF59A082}_is1) (Version: 1.0a - soundbounce.org)
Spotify (HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Spotify) (Version: 1.0.39.157.g674ae377 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
XPax (HKLM-x32\...\{F2392BB6-52EF-4A0A-9A54-199AD0F2F3DA}) (Version: 0.00.0350 - HiFi Flightware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2563237544-1932412345-1817232179-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2563237544-1932412345-1817232179-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {259B3A50-6259-4D83-9191-ED233CA205B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)
Task: {756CD365-E841-4E8D-9C25-78DFA1403520} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {7B19AB72-74EF-42D5-9C3A-8BCCB80548C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)
Task: {88591A53-49BA-464A-962C-5072DE06B4BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {9108EE54-AAC5-41C5-9A23-DA5EFC77A5CE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {B198A1E1-A36C-4467-95AA-068DA782FA7D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2016-10-03 19:39 - 2016-09-16 18:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-10-07 21:12 - 2016-10-07 21:12 - 00959168 _____ () C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-10-03 10:57 - 2016-10-03 10:57 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-10-23 13:39 - 2016-10-20 04:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll 2016-10-23 13:39 - 2016-10-20 04:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll 2016-06-28 00:19 - 2016-06-28 
00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll 2016-10-03 19:40 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-10-03 20:05 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-10-03 20:05 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-10-03 20:05 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-10-03 20:05 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-10-03 20:05 - 2016-10-12 21:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-10-03 20:05 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-10-03 20:05 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-10-03 20:05 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-10-03 20:05 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-10-03 20:05 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-10-03 20:05 - 2016-10-12 21:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-10-03 20:05 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-10-29 16:03 - 2016-10-29 16:03 - 00098816 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32api.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00110080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\pywintypes27.dll 2016-10-29 16:03 - 2016-10-29 16:03 - 00364544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\pythoncom27.dll 2016-10-29 16:03 - 2016-10-29 16:03 - 00320512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32com.shell.shell.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00776704 ____R () 
C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_hashlib.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 01176576 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._core_.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00806400 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._gdi_.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00816128 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._windows_.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 01067008 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._controls_.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00733184 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._misc_.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00682496 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\pysqlite2._sqlite.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_ctypes.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00119808 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32file.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00108544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32security.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00007168 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\hashobjs_ext.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00017920 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\thumbnails_ext.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\usb_ext.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00012800 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\common.time34.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00018432 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32event.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00167936 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32gui.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00046080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_socket.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 01208320 ____R () 
C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_ssl.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00128512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_elementtree.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00127488 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\pyexpat.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00038912 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32inet.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00036864 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_psutil_windows.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00525208 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\windows._lib_cacheinvalidation.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00011264 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32crypt.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00077312 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._html2.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00027136 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_multiprocessing.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00020480 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\_yappi.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00035840 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32process.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00686080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\unicodedata.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00078848 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._animate.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00123392 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\wx._wizard.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00024064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32pipe.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00010240 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\select.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00025600 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32pdh.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00017408 ____R () 
C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32profile.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00022528 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32ts.pyd 2016-10-07 21:12 - 2016-10-07 21:12 - 00679624 _____ () C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-10-14 20:54 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll 2016-10-16 16:39 - 2016-01-28 03:45 - 00626104 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{0CC9A52F-C4E2-4204-8F36-D263B308788D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{632A10B5-B343-4F8F-8EC1-908320E7913B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{034AB3B6-3496-4C34-911E-F50C960CC0CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C752D002-0E5A-4DC2-86A8-D07A5CF45A4E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{1C3833C7-4905-44C2-9A23-516CB5FAF2B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{17588DA4-3B9C-4CC6-A2F2-02893BDC6739}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6517C106-96B4-409C-B9E6-FE6EED23D07E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C0DFB09D-EC14-4EB8-94CE-FF5C1C5A3EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B5960E90-252A-4215-8FED-22093AF477E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FEE3858E-BD35-478C-8E5B-16FD6D6926B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4F8798B5-84A6-4510-9B48-5C5F7FC928E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{24BF7D26-6D50-4EAE-AD2E-C5DDD894BDC4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{95D9D75E-5632-4381-ACB8-81B4B55EB12E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{33719AEC-6A70-4BED-843E-92A40BD77CE4}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{F598006B-07AF-4324-A71C-8FBB82AA2287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{F199CBC7-5FBE-416E-A6AA-D1B3FB98BB52}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{ADC709B0-931D-4C25-B418-AECB8BE8A462}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{F8F4EA0E-47CC-4E2C-9367-AE8F3E0B993A}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{13EDEC83-5F05-40E8-B527-B19F5174FA63}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{7125AF73-FC11-44C4-A57F-91E630001716}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{E89A49B7-F7D9-4623-851A-04178ED82F73}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{E1FD6198-6E4B-4D44-A4AD-8F778A57EE87}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{4DBDF475-6A13-4E50-8971-BD67502323E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 16-10-2016 16:38:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 16-10-2016 16:40:03 Installed LabelPrint 29-10-2016 15:51:25 JRT Pre-Junkware Removal 29-10-2016 16:09:01 Installed Sophos Virus Removal Tool. ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Universal Serial Bus (USB) Controller Description: Universal Serial Bus (USB) Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/29/2016 04:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/29/2016 03:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/28/2016 01:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/27/2016 11:11:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/26/2016 09:28:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/25/2016 08:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/24/2016 08:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (10/24/2016 08:22:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x1d8 Faulting application start time: 0x01d22e552f1fabdc Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 2467703d-9a49-11e6-ba92-e06995daf5de Error: (10/24/2016 08:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/24/2016 11:12:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/29/2016 04:01:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (10/29/2016 04:01:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-10-03 17:40:43.578 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-03 17:40:43.576 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-03 17:40:43.574 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-03 17:40:43.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8172.31 MB
Available physical RAM: 4173.73 MB
Total Virtual: 16342.82 MB
Available Virtual: 12106.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.26 GB) (Free:1270.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: () (Fixed) (Total:149.04 GB) (Free:6.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 6D84B434)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
-
Here is the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2016
Scan Time: 11:36 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.28.04
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296146
Time Elapsed: 10 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-
Today I encountered another spam-attack type message while browsing sketchy websites, depicted by the image computerblock.png, and yesterday encountered an attack similarly resembling the image spampopup.png. I know I have encountered these before and they don't necessarily pose a substantial threat to the security, health and welfare of my computer. Basically, I know they are scams and not genuinely real. However, I would like to check them out to see if they have actually caused my system any significant damage.
-
Here we go, the final log! Thanks very much for your help!

# DelFix v1.013 - Logfile created 27/09/2016 at 13:06:17
# Updated 17/04/2016 by Xplode
# Username : Jordan - JORDAN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Jordan\Desktop\Addition.txt
Deleted : C:\Users\Jordan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Jordan\Desktop\Fixlog.txt
Deleted : C:\Users\Jordan\Desktop\FRST.txt
Deleted : C:\Users\Jordan\Desktop\FRST64.exe
Deleted : C:\Users\Jordan\Desktop\JRT.exe
Deleted : C:\Users\Jordan\Desktop\JRT.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #61 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 09/19/2016 15:56:13]
Deleted : RP #62 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 09/19/2016 15:57:03]
Deleted : RP #63 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 09/19/2016 15:57:46]
Deleted : RP #64 [Installed Finale | 09/19/2016 15:59:21]
Deleted : RP #65 [Windows Update | 09/20/2016 05:27:06]
Deleted : RP #66 [Windows Update | 09/21/2016 04:57:45]
Deleted : RP #68 [Restore Point Created by FRST | 09/26/2016 21:08:23]
Deleted : RP #69 [JRT Pre-Junkware Removal | 09/26/2016 21:10:59]
Deleted : RP #71 [Restore Point Created by FRST | 09/26/2016 21:55:15]
Deleted : RP #72 [Installed FSX Google Earth Tracker | 09/26/2016 22:49:24]
Deleted : RP #73 [Windows Update | 09/26/2016 23:19:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
-
No, I think we're set. Thanks for your help!
-
Alright, it looks like copy/paste is working again on the browser, so here are the results of the new Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jordan (26-09-2016 17:55:10) Run:2
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212]
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.

========================= bcdedit ========================

The operation completed successfully.

========= End of bcdedit =========

C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42877728 B
Java, Flash, Steam htmlcache => 51697754 B
Windows/system/drivers => 147168264 B
Edge => 0 B
Chrome => 98167868 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 45504 B
Jordan => 454591166 B

RecycleBin => 748 B
EmptyTemp: => 821.7 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:55:46 ====
-
Because my browser would not allow me to copy/paste text, I have attached the logs. Also, when running the FRST fix, Kaspersky discovered the FRST64.exe as malware, specifically PDM:Trojan.Win32.Generic. Kaspersky asked me if I wanted to disinfect the infection with or without restarting my computer, and I chose to disinfect without restart. After doing so, Kaspersky told me "the malware action has now been rolled back" and a registry entry had been restored, although the actual FRST64.exe file remains in quarantine.

Fixlog.txt JRT.txt AdwCleaner[S0].txt
-
All right. Here's my first set of logs. FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016 Ran by Jordan (administrator) on JORDAN-PC (25-09-2016 17:39:21) Running from C:\Users\Jordan\Desktop Loaded Profiles: Jordan (Available Profiles: Jordan) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (DEVGURU Co., LTD.) 
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation) HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-08] (Spotify Ltd) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [911248 2011-03-21] (Samsung) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-03-21] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-03-21] () ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3B3DB352-DB9E-47B4-BDA0-F812F6180C6E}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft 
Office\root\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems) FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-08] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi Chrome: ======= CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default [2016-09-25] CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-03] CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-03] CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-03] CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-03] CHR Extension: (Adobe Acrobat) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-10] CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-03] CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-03] CHR Extension: (AdBlock) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-25] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03] CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-03] CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKU\S-1-5-21-1466031636-3715157435-865888265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.) 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) S3 HIDMiniport; C:\Windows\System32\DRIVERS\HIDMiniport.sys [7744 2016-09-03] () S3 HIDWiimote; C:\Windows\System32\DRIVERS\HIDWiimote.sys [25232 2016-09-03] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-10] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-10] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-10] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-10] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab) S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA 
Corporation) S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.) S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich) R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-09-20 01:06 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2016-09-20 01:06 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-09-20 01:06 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2016-09-20 01:06 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-09-20 01:06 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-09-20 01:06 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-09-20 01:06 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-09-20 01:06 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-09-20 01:06 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-09-20 01:06 - 
2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-09-20 01:06 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-09-20 01:06 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-09-20 01:06 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-09-20 01:06 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-09-20 01:06 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-09-20 01:06 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-09-20 01:06 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-09-20 01:06 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-09-20 01:06 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-09-20 01:06 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-09-20 01:06 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-09-20 01:06 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-09-20 01:06 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-09-20 01:06 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-09-20 01:06 - 2016-05-04 13:17 - 03244032 _____ 
(Microsoft Corporation) C:\Windows\system32\msi.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-09-20 01:06 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-09-20 01:06 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-09-20 01:06 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-09-20 01:06 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-09-19 23:44 - 2016-09-19 23:44 - 00001029 _____ C:\Users\Public\Desktop\ImagePrinter Pro.lnk 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Users\Jordan\AppData\Local\ImagePrinter Pro 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImagePrinter Pro 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Program Files\Code Industry 2016-09-19 23:44 - 2016-03-05 15:06 - 00024576 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localmon.dll 2016-09-19 23:44 - 2016-03-05 15:06 - 00015872 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localui.dll 2016-09-19 23:38 - 2016-09-19 23:39 - 26370968 _____ (Code Industry Ltd. 
) C:\Users\Jordan\Downloads\ImagePrinterPro-setup.exe 2016-09-19 12:55 - 2016-09-19 12:55 - 130294103 _____ C:\Users\Jordan\Downloads\fluid-soundfont.tar.gz 2016-09-19 12:55 - 2016-09-19 12:55 - 01378550 _____ (Igor Pavlov) C:\Users\Jordan\Downloads\7z1602-x64.exe 2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\Program Files\7-Zip 2016-09-19 12:24 - 2016-09-19 12:24 - 00000000 ____D C:\Users\Jordan\.oracle_jre_usage 2016-09-19 12:22 - 2016-09-19 12:22 - 00000000 ____D C:\3129df33e7798561b508 2016-09-19 12:00 - 2016-09-19 12:00 - 00001757 _____ C:\Users\Public\Desktop\Finale.lnk 2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2016-09-19 11:59 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Finale 2016-09-19 11:59 - 2016-09-19 11:59 - 00000000 ____D C:\ProgramData\MakeMusic 2016-09-19 11:53 - 2016-09-19 11:54 - 330460368 _____ ( ) C:\Users\Jordan\Downloads\FinaleDemoSetup.exe 2016-09-19 02:07 - 2016-09-19 02:07 - 00000481 _____ C:\Windows\demdata.txt 2016-09-18 22:02 - 2016-09-18 22:02 - 00000000 ____D C:\a0b924c5655de52555 2016-09-16 09:22 - 2016-09-16 09:22 - 00164231 _____ C:\Users\Jordan\Documents\Colleen Deacon flyer.pdf 2016-09-16 09:22 - 2016-09-16 09:22 - 00000000 ____D C:\Users\Jordan\Documents\Custom Office Templates 2016-09-11 23:55 - 2016-09-11 23:55 - 00000000 ____D C:\Users\Jordan\Documents\Pinnacle 2016-09-10 14:17 - 2016-09-10 14:17 - 00002150 _____ C:\Users\Public\Desktop\Safe Money.lnk 2016-09-10 14:17 - 2016-09-10 14:17 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2016-09-10 14:17 - 2016-09-10 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2016-09-10 14:16 - 2016-09-10 14:36 
- 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-09-10 14:16 - 2016-09-10 14:16 - 00000000 ____D C:\Windows\ELAMBKUP 2016-09-10 14:16 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-09-10 14:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2016-09-10 14:11 - 2016-09-10 14:11 - 177912864 _____ (Kaspersky Lab) C:\Users\Jordan\Downloads\kis17.0.0.611en_10755.exe 2016-09-10 14:07 - 2016-09-10 14:07 - 06662856 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.21.0_win64-setup.exe 2016-09-08 23:55 - 2016-09-08 23:55 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Synthesia 2016-09-08 23:19 - 2016-09-08 23:19 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk 2016-09-08 23:19 - 2016-09-08 23:19 - 00001901 _____ C:\Users\Public\Desktop\Synthesia.lnk 2016-09-08 23:19 - 2016-09-08 23:19 - 00000000 ____D C:\Program Files (x86)\Synthesia 2016-09-08 23:17 - 2016-09-08 23:17 - 03786784 _____ (Synthesia LLC) C:\Users\Jordan\Downloads\Synthesia-10.2-installer.exe 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files\M-Audio 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files (x86)\M-Audio 2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141 2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\ProgramData\AVID 2016-09-08 23:13 - 2016-09-08 23:13 - 10454301 _____ C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141.zip 2016-09-08 22:55 - 2016-09-08 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase Shift 2016-09-08 22:52 - 2016-09-08 23:01 - 00000000 ____D C:\Program Files (x86)\Phase Shift 2016-09-08 22:52 - 2016-09-08 22:52 - 99789162 _____ 
C:\Users\Jordan\Downloads\ps_release_1.27_lite.exe 2016-09-03 17:04 - 2016-09-03 18:05 - 00000000 ____D C:\Users\Jordan\Documents\Madden NFL 08 2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 __RHD C:\Users\Jordan\AppData\Roaming\SecuROM 2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports 2016-09-03 16:58 - 2016-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\EA Sports 2016-09-03 16:13 - 2016-09-03 16:13 - 06806328 _____ (Shaul Eizikovich ) C:\Users\Jordan\Downloads\vJoySetup.exe 2016-09-03 16:13 - 2016-02-03 12:24 - 00056440 _____ (Shaul Eizikovich) C:\Windows\system32\Drivers\vjoy.sys 2016-09-03 16:13 - 2016-02-03 12:24 - 00017336 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys 2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0} 2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{3620B627-84D3-4CBC-80C0-AF3BA95C485F} 2016-09-03 15:44 - 2016-09-03 15:44 - 00000431 _____ C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config 2016-09-03 15:42 - 2016-09-03 16:03 - 00000000 ____D C:\Program Files\WiinUSoft 2016-09-03 15:42 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys 2016-09-03 15:38 - 2016-09-03 15:38 - 48273181 _____ (Justin Keys ) C:\Users\Jordan\Downloads\wiinusoft_2.1.234_setup.exe 2016-09-03 15:35 - 2016-09-03 15:35 - 00947241 _____ C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit.zip 2016-09-03 15:35 - 2016-09-03 15:35 - 00000000 ____D C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit 2016-09-03 15:29 - 2016-09-03 15:29 - 00000000 ____D C:\Users\Jordan\Documents\Dolphin Emulator 2016-09-03 15:25 - 2016-09-03 15:26 - 19327064 _____ C:\Users\Jordan\Downloads\dolphin-x64-5.0.exe 2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ____D C:\Users\Jordan\AppData\Local\ElevatedDiagnostics 2016-09-03 14:30 - 2016-09-03 14:30 
- 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_HIDWiimote_01009.Wdf 2016-09-03 14:29 - 2016-09-03 14:29 - 00000000 ____D C:\Program Files\DIFX 2016-09-03 14:28 - 2016-09-03 14:28 - 00000000 ____D C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit 2016-09-03 14:19 - 2016-09-03 14:19 - 02022811 _____ C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit.zip 2016-09-03 14:17 - 2016-09-03 14:17 - 03207238 _____ C:\Users\Jordan\Downloads\a32162543a53a6e2e42686f6f464ab7d 2016-09-03 14:17 - 2016-09-03 14:17 - 00134270 _____ C:\Users\Jordan\Downloads\0e8b216bff4b9d5e4f0c679375b5b66e ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-25 17:20 - 2016-08-03 22:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-25 17:19 - 2016-08-05 23:01 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2016-09-25 17:18 - 2016-08-05 22:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-25 17:04 - 2016-08-08 17:20 - 00000000 ___RD C:\Users\Jordan\Google Drive 2016-09-25 17:03 - 2016-08-08 13:33 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-25 17:03 - 2016-08-04 05:33 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-25 17:03 - 2016-08-03 22:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-25 17:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-24 18:23 - 2016-08-06 00:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-23 23:36 - 2016-08-14 18:58 - 00000000 ____D C:\Users\Jordan\Documents\Finale Files 
2016-09-20 20:49 - 2016-08-03 23:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-20 20:48 - 2016-08-03 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-20 20:35 - 2009-07-14 01:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-20 20:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-20 11:05 - 2009-07-14 00:45 - 00520024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-20 00:59 - 2016-08-08 19:16 - 00000000 ____D C:\Users\Jordan\temp
2016-09-20 00:48 - 2016-08-08 17:50 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2016-09-20 00:46 - 2016-08-08 18:02 - 00000000 ____D C:\Users\Jordan\AppData\Local\Avid
2016-09-20 00:11 - 2016-08-08 18:02 - 00001008 _____ C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-09-20 00:03 - 2016-08-08 20:46 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps
2016-09-19 23:50 - 2016-08-08 19:17 - 00006144 _____ C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-19 22:14 - 2016-08-22 00:19 - 00000600 _____ C:\Users\Jordan\AppData\Local\PUTTY.RND
2016-09-19 22:14 - 2016-08-22 00:14 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\FileZilla
2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2016-09-19 12:24 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan
2016-09-19 12:09 - 2016-08-20 21:23 - 00000000 ____D C:\Program Files (x86)\Finale 2010
2016-09-19 12:07 - 2016-08-03 22:09 - 00153376 _____ C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-19 11:58 - 2016-08-04 05:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-19 11:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-18 22:21 - 2016-08-03 22:10 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-18 22:21 - 2016-08-03 22:10 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-18 22:07 - 2016-08-08 19:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-12 23:09 - 2016-08-14 18:57 - 00000000 ____D C:\Program Files (x86)\Finale 2014.5
2016-09-12 22:13 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan\AppData\Local\VirtualStore
2016-09-12 18:34 - 2016-08-21 09:28 - 00000000 ____D C:\ProgramData\TEMP
2016-09-10 14:36 - 2016-06-20 17:29 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-09-10 14:36 - 2016-06-02 22:39 - 00126360 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-09-10 14:33 - 2016-06-20 17:51 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-09-10 14:19 - 2016-08-05 23:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-10 14:18 - 2016-08-05 22:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-09-10 14:16 - 2016-08-05 22:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-09-08 10:44 - 2016-08-22 00:24 - 00000000 ____D C:\Users\Jordan\Documents\SU NILDRR Research Project
2016-09-03 16:56 - 2016-08-14 23:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-03 15:25 - 2016-08-08 20:51 - 00000000 ____D C:\Users\Public\Documents\FsPassengers
2016-09-03 14:28 - 2016-03-03 14:41 - 00025232 _____ C:\Windows\system32\Drivers\HIDWiimote.sys
2016-09-03 14:28 - 2016-03-03 14:41 - 00007744 _____ C:\Windows\system32\Drivers\HIDMiniport.sys

==================== Files in the root of some directories =======

2016-08-08 18:02 - 2016-09-20 00:11 - 0001008 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-09-03 15:44 - 2016-09-03 15:44 - 0000431 _____ () C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config
2016-08-08 18:02 - 2016-09-20 00:59 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2016-08-08 18:02 - 2016-09-20 00:45 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-08-08 19:17 - 2016-09-19 23:50 - 0006144 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-22 00:19 - 2016-09-19 22:14 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\AutoRun.exe
C:\Users\Jordan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jordan\AppData\Local\Temp\drm_dyndata_7330011.dll
C:\Users\Jordan\AppData\Local\Temp\EAInstall.dll
C:\Users\Jordan\AppData\Local\Temp\madden_inst.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2016-09-12 19:19

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jordan (25-09-2016 17:39:33)
Running from C:\Users\Jordan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-01 12:53:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1466031636-3715157435-865888265-500 - Administrator - Disabled)
Guest (S-1-5-21-1466031636-3715157435-865888265-501 - Limited - Disabled)
Jordan (S-1-5-21-1466031636-3715157435-865888265-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

777 Captain (777-200) Base Pack [FSX/SE] 1.70 FSX-SE (HKLM-x32\...\x772_stm) (Version: 1.70 - © 1999-2016 Captain Sim)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Active@ File Recovery 15 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 15 - LSoft Technologies Inc)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.45.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
Eassos PartitionGuru 4.8.0 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.)
File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
Finale (HKLM\...\{48133FCD-8D55-4D52-A668-D1A988FC00C4}) (Version: 25.0.0.6858 - MakeMusic)
FsPassengersX for Microsoft Flight Simulator X (HKLM-x32\...\FsPassengersX) (Version: 20160123 - SecondReality Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
ImagePrinter Pro 6.1 (HKLM\...\ImagePrinter Pro 6.1_is1) (Version: - Code Industry Ltd.)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version: - Electronic Arts)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Phase Shift (HKLM-x32\...\Phase Shift) (Version: 1.27 - DWSK)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
RescuePRO Deluxe 5.2.6.1 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 5.2.6.1 - LC Technology International, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11034_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11034_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.2 - Synthesia LLC)
Tapspace Virtual Drumline 2.5 (HKLM-x32\...\Tapspace Virtual Drumline 2.5) (Version: - )
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Yodot Recovery Software (HKLM\...\{3D0B1313-049A-4C70-B8CC-9AFB84109F89}_is1) (Version: 1.0.0.3 - Yodot Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1466031636-3715157435-865888265-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-1466031636-3715157435-865888265-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06C6B8E4-B7F0-4BD7-825C-D5CFC73B6600} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {0B808A52-7A20-4549-84D9-E8207C5C6D37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation) Task: {28718E29-EDE7-4EC4-895C-3C7BBE42C2B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation) Task: {49B5C5C7-7D83-41C5-8818-F50FDE66AC22} - System32\Tasks\{3620B627-84D3-4CBC-80C0-AF3BA95C485F} => C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit\WiinUPro Beta 7.1 64-Bit\WiinUPro.exe [2016-09-03] () Task: {793D5B8B-86F6-47BB-A961-5EE9754AE934} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-09-20] (Microsoft Corporation) Task: {85A82A2C-8A86-4952-A8C3-5413EC0A8014} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.) 
Task: {962AF98D-44FB-46FD-B4D2-F7F80DE31CD5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation) Task: {BBF864F3-8507-4FA6-A5B2-95D94CEDCAFF} - System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0} => C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit\WiinUPro Beta 7.1 64-Bit\WiinUPro.exe [2016-09-03] () Task: {C36A89F9-793F-4433-9D0B-7021DFE09A55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {D68100E6-C929-4806-BFD9-06166D606B75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.) Task: {D961528C-1B46-4F1C-8578-C5043DB405DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {DB7100B3-7719-4057-B5DF-1F911639133C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {EFDBB2BC-AEB7-45E2-9768-86E73EE83341} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-08-04 05:31 - 2016-07-10 19:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-08-03 23:23 - 2016-09-20 20:45 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-08-03 11:45 - 2016-08-03 11:45 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 
2011-03-21 11:57 - 2011-03-21 11:57 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 2016-09-18 22:21 - 2016-09-13 22:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll 2016-09-18 22:21 - 2016-09-13 22:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll 2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-08-08 13:33 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-08-08 13:33 - 2016-09-20 15:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-08-08 13:33 - 2016-09-20 15:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-08-08 13:33 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00098816 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32api.pyd 2016-09-25 17:03 - 2016-09-25 
17:03 - 00110080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pywintypes27.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00364544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pythoncom27.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00320512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32com.shell.shell.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00776704 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_hashlib.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01176576 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._core_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00806400 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._gdi_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00816128 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._windows_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01067008 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._controls_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00733184 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._misc_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00682496 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pysqlite2._sqlite.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ctypes.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00119808 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32file.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00108544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32security.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00007168 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\hashobjs_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00017920 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\thumbnails_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\usb_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00012800 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\common.time34.pyd 2016-09-25 17:03 - 2016-09-25 
17:03 - 00018432 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32event.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00167936 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32gui.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00046080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_socket.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01208320 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ssl.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00128512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_elementtree.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00127488 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pyexpat.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00038912 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32inet.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00036864 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_psutil_windows.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00525208 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\windows._lib_cacheinvalidation.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00011264 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32crypt.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00077312 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._html2.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00027136 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_multiprocessing.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00020480 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_yappi.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00035840 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32process.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00686080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\unicodedata.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00078848 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._animate.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00123392 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._wizard.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 
00024064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pipe.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00010240 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\select.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00025600 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pdh.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00017408 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32profile.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00022528 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32ts.pyd 2016-08-22 20:08 - 2016-08-22 20:08 - 00055816 _____ () C:\Users\Jordan\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll 2016-08-08 13:33 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BF59ACA1-3D3A-4AFF-9F11-4EA1F5D26493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{69BFF4B4-C284-4F08-92AA-C59B144782BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{89AB3BB3-B9B6-4319-9246-0D22CD7A6B93}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{39AD32C3-0F5C-4790-86B7-66F621380E8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{142BD102-7E4E-43F4-A809-E6E9FE8D7D63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{1E67B3CC-A0B9-436E-8883-3FC1A7496860}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2257C3ED-8F7E-4B3D-911A-A040B7BF0BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5E7982C6-04A1-4E23-BA6D-E44E7F3A7B15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{33066F06-A818-4487-870C-6E058DD2DFD7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3C535198-2E60-4696-8366-C59E9CC33470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{293E7EBF-BF06-45F2-BE5B-15A75129C6CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{6EF2B778-3670-4CB5-A93C-77A256080C51}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9071145F-39AF-4B15-9D48-5CC7F2FDDA23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{025DD1CF-84DF-4DF0-B708-AA664B19A20B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{56519AEA-C6DA-4ED5-AB86-62E93FDE8A05}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{5446968C-D235-4C26-B7DD-9DD3EFB41672}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{9384BB78-4C10-4E53-A72F-F4081E4C123B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{461AE6E2-5C7A-42A2-85CA-49C5E58AA4DF}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{7A48ED72-57E6-468F-9CDB-B5DC318E54F4}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{D65D0E1F-63B8-4503-87E0-F299F849FE26}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{F2A0A098-75C8-428B-8181-BE4B1B78DAF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C8E8454C-DBDB-419F-BA7D-ACCEB307B56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5CD73A16-61D5-470A-BAF2-0DA8D829DB44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A6C5B532-3D4D-4A02-9389-DC199AE9DD19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2CD52EA7-912D-4783-A42C-4A40412E3C15}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{E86E914A-33E6-4759-879A-9B350C059557}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{D024D31D-BE3C-46F2-800E-18B196FC3D62}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{83B0E116-6B60-462E-90D6-E97CD6EC0C37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
==================== Restore Points ========================= 10-09-2016 14:58:25 Windows Update 12-09-2016 23:08:01 Removed Finale 2014.5 19-09-2016 11:56:13 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 19-09-2016 11:57:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 19-09-2016 11:57:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 19-09-2016 11:59:21 Installed Finale 20-09-2016 01:27:06 Windows Update 21-09-2016 00:57:45 Windows Update ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2016 05:04:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/24/2016 06:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (09/23/2016 08:05:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/23/2016 03:13:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/21/2016 10:33:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 08:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 08:30:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 11:06:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 12:02:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1 Exception code: 0xc0000005 Fault offset: 0x5f856666 Faulting process id: 0x1880 Faulting application start time: 0x01d212f3b8ba6d65 Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe Faulting module path: Updater.api Report Id: 1dfbc06d-7ee7-11e6-ace4-e06995daf5de Error: (09/20/2016 12:02:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1 Exception code: 0xc0000005 Fault offset: 0x5f86861a Faulting process id: 0x1880 Faulting application start time: 0x01d212f3b8ba6d65 Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe Faulting module path: Updater.api Report Id: 1851ee62-7ee7-11e6-ace4-e06995daf5de System errors: ============= Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (09/20/2016 11:11:26 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (09/19/2016 10:26:24 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (09/18/2016 11:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP17.0.0 service. Error: (09/18/2016 09:58:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect. Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect. Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 37% Total physical RAM: 8172.31 MB Available physical RAM: 5073.5 MB Total Virtual: 16342.81 MB Available Virtual: 12752.08 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1397.17 GB) (Free:1224.66 GB) NTFS Drive e: () (Fixed) (Total:149.04 GB) (Free:6.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 564EE687) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
-
I have encountered these things before, posted on this forum, and followed the instructions from other members, and the scans always find something. I would imagine those would be PUPs, but I would just like to go through the removal process to be sure that my system has not been infected.
-
Thanks! I noticed you did not provide me with any clean-up/removal instructions. Do I need to do anything else at this point except for obtaining an ad blocker?
-
Encountered the following popup when visiting a video website. I know this is a scam; I just want to check and see if there is any malware in my system. Ran MBAM with no threats detected.