Jhay

Honorary Members
  • Posts

    116
Everything posted by Jhay

  1. I will look into running a disk check. In terms of malware, nothing is out of the ordinary at this point in time.
  2. Ran the TFC cleaner and reset all the browser settings. No problems with any browsers to be reported, although I had the computer run Windows Updates after restart and Windows Update failed to complete the updates.
  3. Here is the ComboFix log, attached. ComboFix.txt
  4. JRT: AdwCleaner: Sophos Virus Removal Tool found no threats. However, I had to disable my Kaspersky because it detected the installation file as malware. Here is the Kaspersky log containing the details of the threat detection: 29.10.2016 16.06.27 Detected object (file) deleted C:\Users\Jordan\Desktop\Unconfirmed 848200.crdownload File: C:\Users\Jordan\Desktop\Unconfirmed 848200.crdownload Object name: Packed.NSIS.FileMonster.gen Object type: Trojan program Time: 10/29/2016 4:06 PM FRST:
00000000 ____D C:\Users\Jordan\Documents\Pinnacle 2016-10-04 21:40 - 2016-10-29 16:50 - 00004608 _____ C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-10-04 21:39 - 2016-10-29 19:05 - 00000000 ____D C:\Users\Jordan\temp 2016-10-04 21:39 - 2016-10-29 18:22 - 00000000 ____D C:\Users\Jordan\AppData\Local\Avid 2016-10-04 21:39 - 2016-10-29 16:23 - 00000813 _____ C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt 2016-10-04 21:39 - 2016-10-04 21:39 - 00000000 ____D C:\Users\Jordan\Documents\InstantCDDVD 2016-10-04 21:36 - 2016-10-04 21:36 - 00002246 _____ C:\Users\Public\Desktop\Pinnacle Studio 16.lnk 2016-10-04 21:34 - 2016-10-04 21:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle 2016-10-04 21:28 - 2016-10-29 18:22 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI 2016-10-04 21:26 - 2016-10-04 21:39 - 00000000 ____D C:\Users\Jordan\AppData\Local\Pinnacle 2016-10-04 21:26 - 2016-10-04 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 16 2016-10-04 21:26 - 2016-10-04 21:34 - 00000000 ____D C:\ProgramData\Pinnacle 2016-10-04 21:26 - 2016-10-04 21:34 - 00000000 ____D C:\Program Files (x86)\Pinnacle 2016-10-04 21:25 - 2016-10-04 21:38 - 00000000 ____D C:\Users\Jordan\AppData\Local\Downloaded Installations 2016-10-04 21:22 - 2016-10-04 21:24 - 00000000 ____D C:\Users\Jordan\Desktop\PinnacleStudioSetup 2016-10-04 21:20 - 2016-10-26 23:24 - 00000600 _____ C:\Users\Jordan\AppData\Local\PUTTY.RND 2016-10-04 21:03 - 2016-10-04 21:03 - 00592080 _____ (ITS CIS CSS Syracuse University) C:\Users\Jordan\Desktop\Syracuse University Remote Access.exe 2016-10-04 21:03 - 2016-10-04 21:03 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\SURA 2016-10-04 21:02 - 2016-10-26 23:24 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\FileZilla 2016-10-04 21:02 - 2016-10-04 21:02 - 06654776 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.22.1_win64-setup_bundled2.exe 2016-10-04 21:02 - 2016-10-04 21:02 - 
00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2016-10-04 21:02 - 2016-10-04 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2016-10-04 21:02 - 2016-10-04 21:02 - 00000000 ____D C:\Program Files\FileZilla FTP Client 2016-10-03 22:41 - 2016-10-16 23:34 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps 2016-10-03 22:30 - 2016-10-03 22:39 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\fs_earth_x 2016-10-03 22:30 - 2016-10-03 22:30 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2016-10-03 22:30 - 2016-10-03 22:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2016-10-03 22:30 - 2016-10-03 22:30 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fs Earth for FSX 2016-10-03 22:30 - 2016-10-03 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fs Earth for FSX 2016-10-03 22:29 - 2016-10-03 22:29 - 00000000 ____D C:\Users\Jordan\Downloads\fsxea52 2016-10-03 22:28 - 2016-10-03 22:28 - 03627824 _____ C:\Users\Jordan\Downloads\fsxea52.zip 2016-10-03 21:59 - 2016-10-03 21:59 - 12642538 _____ C:\Users\Jordan\Downloads\fsw_gmap_brw_20.zip 2016-10-03 21:59 - 2016-10-03 21:59 - 00000000 ____D C:\Users\Jordan\Downloads\fsw_gmap_brw_20 2016-10-03 21:41 - 2016-10-03 21:41 - 08460792 _____ (Sublime HQ Pty Ltd ) C:\Users\Jordan\Downloads\Sublime Text Build 3126 x64 Setup.exe 2016-10-03 21:41 - 2016-10-03 21:41 - 00000886 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk 2016-10-03 21:41 - 2016-10-03 21:41 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Sublime Text 3 2016-10-03 21:41 - 2016-10-03 21:41 - 00000000 ____D C:\Users\Jordan\AppData\Local\Sublime Text 3 2016-10-03 21:41 - 2016-10-03 21:41 - 00000000 ____D C:\Program Files\Sublime Text 3 2016-10-03 21:34 - 2016-10-03 21:34 - 00000000 ____D C:\Users\Jordan\Downloads\fsx_bmw 2016-10-03 21:33 - 2016-10-03 21:34 - 03554185 _____ 
C:\Users\Jordan\Downloads\fsx_bmw.zip 2016-10-03 21:32 - 2016-10-03 21:32 - 00000000 ____D C:\Users\Jordan\Downloads\bmw 2016-10-03 21:31 - 2016-10-03 21:32 - 03576329 _____ C:\Users\Jordan\Downloads\bmw.zip 2016-10-03 21:24 - 2016-10-03 21:24 - 00000061 ___SH C:\Windows\cnerolf.bin 2016-10-03 21:23 - 2016-10-03 21:23 - 00000000 ____D C:\Users\Jordan\Downloads\FSUIPC4 2016-10-03 21:18 - 2016-10-03 21:18 - 03988172 _____ C:\Users\Jordan\Downloads\FSUIPC4.zip 2016-10-03 21:17 - 2016-10-03 21:17 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2016-10-03 21:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2016-10-03 21:17 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-10-03 21:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2016-10-03 21:17 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-10-03 21:17 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-10-03 21:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx10_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2016-10-03 21:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2016-10-03 21:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2016-10-03 21:17 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 05554512 _____ 
(Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2016-10-03 21:17 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2016-10-03 21:17 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2016-10-03 21:17 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2016-10-03 21:17 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2016-10-03 21:17 - 2009-03-09 15:27 
- 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2016-10-03 21:17 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2016-10-03 21:17 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2016-10-03 21:17 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2016-10-03 21:17 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2016-10-03 21:17 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 
2016-10-03 21:17 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2016-10-03 21:17 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2016-10-03 21:17 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2016-10-03 21:17 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2016-10-03 21:17 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2016-10-03 21:17 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2016-10-03 21:17 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2016-10-03 21:17 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2016-10-03 21:17 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2016-10-03 21:17 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2016-10-03 21:17 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2016-10-03 21:17 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2016-10-03 21:17 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2016-10-03 21:17 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2016-10-03 21:17 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2016-10-03 21:17 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2016-10-03 21:17 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2016-10-03 21:17 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\XAPOFX1_0.dll 2016-10-03 21:17 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2016-10-03 21:17 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2016-10-03 21:17 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2016-10-03 21:17 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2016-10-03 21:17 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2016-10-03 21:17 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2016-10-03 21:17 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2016-10-03 21:17 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2016-10-03 21:17 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2016-10-03 21:17 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2016-10-03 21:17 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2016-10-03 21:17 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2016-10-03 21:17 - 2008-03-05 15:56 - 01420824 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2016-10-03 21:17 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2016-10-03 21:17 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2016-10-03 21:17 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2016-10-03 21:17 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2016-10-03 21:17 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2016-10-03 21:17 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2016-10-03 21:17 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2016-10-03 21:17 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2016-10-03 21:17 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2016-10-03 21:17 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2016-10-03 21:17 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2016-10-03 21:17 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2016-10-03 21:17 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2016-10-03 21:17 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2016-10-03 21:17 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2016-10-03 21:17 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2016-10-03 21:17 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2016-10-03 
21:17 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2016-10-03 21:17 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2016-10-03 21:17 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2016-10-03 21:17 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2016-10-03 21:17 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2016-10-03 21:17 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2016-10-03 21:17 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2016-10-03 21:17 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2016-10-03 21:17 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2016-10-03 21:17 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2016-10-03 21:17 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2016-10-03 21:17 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2016-10-03 21:17 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx9_33.dll 2016-10-03 21:17 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2016-10-03 21:17 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2016-10-03 21:17 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2016-10-03 21:17 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2016-10-03 21:17 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2016-10-03 21:17 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2016-10-03 21:17 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2016-10-03 21:17 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2016-10-03 21:17 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2016-10-03 21:17 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2016-10-03 21:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2016-10-03 21:17 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2016-10-03 21:17 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2016-10-03 21:17 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2016-10-03 21:17 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2016-10-03 21:17 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2016-10-03 21:17 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2016-10-03 21:17 - 2006-07-28 09:31 - 00083736 _____ 
(Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2016-10-03 21:17 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2016-10-03 21:17 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2016-10-03 21:17 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2016-10-03 21:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2016-10-03 21:17 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2016-10-03 21:17 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2016-10-03 21:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2016-10-03 21:17 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2016-10-03 21:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2016-10-03 21:16 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2016-10-03 21:16 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2016-10-03 21:16 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2016-10-03 21:16 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2016-10-03 21:16 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2016-10-03 21:16 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2016-10-03 21:16 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2016-10-03 21:16 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2016-10-03 21:16 - 
2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2016-10-03 21:16 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2016-10-03 21:16 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2016-10-03 21:16 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2016-10-03 21:16 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2016-10-03 21:16 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2016-10-03 21:16 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2016-10-03 21:16 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2016-10-03 21:16 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2016-10-03 21:16 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2016-10-03 21:13 - 2016-10-03 21:13 - 00000000 ____D C:\Users\Jordan\Downloads\woains24 2016-10-03 21:12 - 2016-10-16 23:34 - 00000000 ____D C:\Users\Jordan\Documents\Flight Simulator X Files 2016-10-03 21:11 - 2016-10-03 21:12 - 00000000 ____D C:\Users\Jordan\Downloads\fsw_gmap_garmin_20 2016-10-03 21:07 - 2016-10-03 21:07 - 13028341 _____ C:\Users\Jordan\Downloads\fsw_gmap_garmin_20.zip 2016-10-03 21:03 - 2016-10-03 21:03 - 00996297 _____ C:\Users\Jordan\Downloads\woains24.zip 2016-10-03 20:38 - 2016-10-03 20:39 - 00000000 ____D C:\Users\Jordan\Downloads\road_v11 2016-10-03 20:35 - 2016-10-03 20:36 - 00196254 _____ C:\Users\Jordan\Downloads\GE View.zip 2016-10-03 20:28 - 2016-10-03 20:30 - 04758595 _____ C:\Users\Jordan\Downloads\road_v11.zip 2016-10-03 20:25 - 2016-10-03 20:25 - 00000000 ____D C:\Users\Jordan\Downloads\rex_road_highway_textures_for_fsx 2016-10-03 20:23 - 2016-10-03 20:25 - 05376817 
2016-10-03 17:10 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 16:38 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-29 16:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-10-29 16:10 - 2009-07-14 00:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-29 16:10 - 2009-07-14 00:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-29 16:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-24 20:23 - 2009-07-14 01:08 - 00008676 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-10 10:59 - 2009-07-14 00:45 - 00496224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-07 21:05 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-03 20:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-10-03 19:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-10-03 19:12 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-10-03 18:15 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-03 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-10-03 17:40 - 2016-06-20 17:29 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-10-03 17:40 - 2016-06-02 22:39 - 00126360 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-10-03 17:39 - 2016-06-20 17:51 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-03 17:14 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2016-10-04 21:39 - 2016-10-29 16:23 - 0000813 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt
2016-10-04 21:39 - 2016-10-29 19:05 - 0000958 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log
2016-10-04 21:39 - 2016-10-29 18:15 - 0000786 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log
2016-10-04 21:40 - 2016-10-29 16:50 - 0004608 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-04 21:20 - 2016-10-26 23:24 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\libeay32.dll
C:\Users\Jordan\AppData\Local\Temp\msvcr120.dll
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-03 18:12

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Jordan (29-10-2016 19:12:26)
Running from C:\Users\Jordan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-10-03 21:10:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2563237544-1932412345-1817232179-500 - Administrator - Disabled)
Guest (S-1-5-21-2563237544-1932412345-1817232179-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2563237544-1932412345-1817232179-1002 - Limited - Enabled)
Jordan (S-1-5-21-2563237544-1932412345-1817232179-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

777 Captain (777-200) Base Pack [FSX/SE] Update 1.71 FSX-SE (HKLM-x32\...\x772_stm) (Version: 1.71 - © 1999-2016 Captain Sim)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.2522.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.5816.0 - CyberLink Corp.)
FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Soundbounce version 1.0a (HKLM-x32\...\{A1E1F8D8-BEA1-44A0-90DD-ECB5DF59A082}_is1) (Version: 1.0a - soundbounce.org)
Spotify (HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\...\Spotify) (Version: 1.0.39.157.g674ae377 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
XPax (HKLM-x32\...\{F2392BB6-52EF-4A0A-9A54-199AD0F2F3DA}) (Version: 0.00.0350 - HiFi Flightware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2563237544-1932412345-1817232179-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2563237544-1932412345-1817232179-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {259B3A50-6259-4D83-9191-ED233CA205B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)
Task: {756CD365-E841-4E8D-9C25-78DFA1403520} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {7B19AB72-74EF-42D5-9C3A-8BCCB80548C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)
Task: {88591A53-49BA-464A-962C-5072DE06B4BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {9108EE54-AAC5-41C5-9A23-DA5EFC77A5CE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {B198A1E1-A36C-4467-95AA-068DA782FA7D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32profile.pyd 2016-10-29 16:03 - 2016-10-29 16:03 - 00022528 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI37842\win32ts.pyd 2016-10-07 21:12 - 2016-10-07 21:12 - 00679624 _____ () C:\Users\Jordan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-10-14 20:54 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll 2016-10-16 16:39 - 2016-01-28 03:45 - 00626104 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2563237544-1932412345-1817232179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 

     ==================== MSCONFIG/TASK MANAGER disabled items ==

     ==================== FirewallRules (Whitelisted) ===============

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     FirewallRules: [{0CC9A52F-C4E2-4204-8F36-D263B308788D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{632A10B5-B343-4F8F-8EC1-908320E7913B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{034AB3B6-3496-4C34-911E-F50C960CC0CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
     FirewallRules: [{C752D002-0E5A-4DC2-86A8-D07A5CF45A4E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
     FirewallRules: [{1C3833C7-4905-44C2-9A23-516CB5FAF2B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
     FirewallRules: [{17588DA4-3B9C-4CC6-A2F2-02893BDC6739}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
     FirewallRules: [{6517C106-96B4-409C-B9E6-FE6EED23D07E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
     FirewallRules: [{C0DFB09D-EC14-4EB8-94CE-FF5C1C5A3EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
     FirewallRules: [{B5960E90-252A-4215-8FED-22093AF477E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
     FirewallRules: [{FEE3858E-BD35-478C-8E5B-16FD6D6926B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
     FirewallRules: [{4F8798B5-84A6-4510-9B48-5C5F7FC928E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
     FirewallRules: [{24BF7D26-6D50-4EAE-AD2E-C5DDD894BDC4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     FirewallRules: [{95D9D75E-5632-4381-ACB8-81B4B55EB12E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     FirewallRules: [{33719AEC-6A70-4BED-843E-92A40BD77CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
     FirewallRules: [{F598006B-07AF-4324-A71C-8FBB82AA2287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
     FirewallRules: [{F199CBC7-5FBE-416E-A6AA-D1B3FB98BB52}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
     FirewallRules: [{ADC709B0-931D-4C25-B418-AECB8BE8A462}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
     FirewallRules: [{F8F4EA0E-47CC-4E2C-9367-AE8F3E0B993A}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
     FirewallRules: [{13EDEC83-5F05-40E8-B527-B19F5174FA63}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
     FirewallRules: [{7125AF73-FC11-44C4-A57F-91E630001716}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
     FirewallRules: [{E89A49B7-F7D9-4623-851A-04178ED82F73}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
     FirewallRules: [{E1FD6198-6E4B-4D44-A4AD-8F778A57EE87}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
     FirewallRules: [{4DBDF475-6A13-4E50-8971-BD67502323E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     ==================== Restore Points =========================

     16-10-2016 16:38:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
     16-10-2016 16:40:03 Installed LabelPrint
     29-10-2016 15:51:25 JRT Pre-Junkware Removal
     29-10-2016 16:09:01 Installed Sophos Virus Removal Tool.

     ==================== Faulty Device Manager Devices =============

     Name: PCI Simple Communications Controller
     Description: PCI Simple Communications Controller
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: Universal Serial Bus (USB) Controller
     Description: Universal Serial Bus (USB) Controller
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: SM Bus Controller
     Description: SM Bus Controller
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (10/29/2016 04:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/29/2016 03:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/28/2016 01:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/27/2016 11:11:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/26/2016 09:28:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/25/2016 08:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/24/2016 08:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/24/2016 08:22:42 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
     Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
     Exception code: 0xc0000374
     Fault offset: 0x00000000000c40f2
     Faulting process id: 0x1d8
     Faulting application start time: 0x01d22e552f1fabdc
     Faulting application path: C:\Windows\system32\svchost.exe
     Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
     Report Id: 2467703d-9a49-11e6-ba92-e06995daf5de

     Error: (10/24/2016 08:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (10/24/2016 11:12:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     System errors:
     =============
     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

     Error: (10/29/2016 04:01:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).

     Error: (10/29/2016 04:01:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

     Error: (10/29/2016 04:01:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

     CodeIntegrity:
     ===================================
     Date: 2016-10-03 17:40:43.578
     Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

     Date: 2016-10-03 17:40:43.576
     Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

     Date: 2016-10-03 17:40:43.574
     Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

     Date: 2016-10-03 17:40:43.572
     Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

     ==================== Memory info ===========================

     Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
     Percentage of memory in use: 48%
     Total physical RAM: 8172.31 MB
     Available physical RAM: 4173.73 MB
     Total Virtual: 16342.82 MB
     Available Virtual: 12106.73 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:1397.26 GB) (Free:1270.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
     Drive f: () (Fixed) (Total:149.04 GB) (Free:6.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 6D84B434)
     Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

     ========================================================
     Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
     Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

     ==================== End of Addition.txt ============================
  5. Here is the MBAM log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 10/27/2016
     Scan Time: 11:36 PM
     Logfile:
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.10.28.04
     Rootkit Database: v2016.09.26.02
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Jordan

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 296146
     Time Elapsed: 10 min, 48 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  6. Today I encountered another spam-attack type message while browsing sketchy websites, depicted by the image computerblock.png and yesterday encountered an attack similarly resembling the image spampopup.png. I know I have encountered these before and they don't necessarily pose a substantial threat to the security, health and welfare of my computer. Basically, I know they are scams and not genuinely real. However, I would like to check them out to see if they have actually caused my system any significant damage.
  7. Here we go, the final log! Thanks very much for your help!

     # DelFix v1.013 - Logfile created 27/09/2016 at 13:06:17
     # Updated 17/04/2016 by Xplode
     # Username : Jordan - JORDAN-PC
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Jordan\Desktop\Addition.txt
     Deleted : C:\Users\Jordan\Desktop\AdwCleaner.exe
     Deleted : C:\Users\Jordan\Desktop\Fixlog.txt
     Deleted : C:\Users\Jordan\Desktop\FRST.txt
     Deleted : C:\Users\Jordan\Desktop\FRST64.exe
     Deleted : C:\Users\Jordan\Desktop\JRT.exe
     Deleted : C:\Users\Jordan\Desktop\JRT.txt

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #61 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 09/19/2016 15:56:13]
     Deleted : RP #62 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 09/19/2016 15:57:03]
     Deleted : RP #63 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 09/19/2016 15:57:46]
     Deleted : RP #64 [Installed Finale | 09/19/2016 15:59:21]
     Deleted : RP #65 [Windows Update | 09/20/2016 05:27:06]
     Deleted : RP #66 [Windows Update | 09/21/2016 04:57:45]
     Deleted : RP #68 [Restore Point Created by FRST | 09/26/2016 21:08:23]
     Deleted : RP #69 [JRT Pre-Junkware Removal | 09/26/2016 21:10:59]
     Deleted : RP #71 [Restore Point Created by FRST | 09/26/2016 21:55:15]
     Deleted : RP #72 [Installed FSX Google Earth Tracker | 09/26/2016 22:49:24]
     Deleted : RP #73 [Windows Update | 09/26/2016 23:19:09]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  8. No, I think we're set. Thanks for your help!
  9. Alright, it looks like copy/paste is working again on the browser, so here are the results of the new Fixlog:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
     Ran by Jordan (26-09-2016 17:55:10) Run:2
     Running from C:\Users\Jordan\Desktop
     Loaded Profiles: Jordan (Available Profiles: Jordan)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
     AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212]
     EmptyTemp:
     *****************

     Processes closed successfully.
     Restore point was successfully created.

     ========================= bcdedit ========================

     The operation completed successfully.

     ========= End of bcdedit =========

     C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42877728 B
     Java, Flash, Steam htmlcache => 51697754 B
     Windows/system/drivers => 147168264 B
     Edge => 0 B
     Chrome => 98167868 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 66228 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 58558406 B
     systemprofile32 => 66088 B
     LocalService => 0 B
     NetworkService => 45504 B
     Jordan => 454591166 B

     RecycleBin => 748 B
     EmptyTemp: => 821.7 MB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 17:55:46 ====
  10. Because my browser would not allow me to copy/paste text, I have attached the logs. Also, when running the FRST fix, Kaspersky detected FRST64.exe as malware, specifically PDM:Trojan.Win32.Generic. Kaspersky asked me if I wanted to disinfect the infection with or without restarting my computer, and I chose to disinfect without restart. After doing so, Kaspersky told me "the malware action has now been rolled back" and a registry entry had been restored, although the actual FRST64.exe file remains in quarantine.

      Attached: Fixlog.txt, JRT.txt, AdwCleaner[S0].txt
  11. All right. Here's my first set of logs.

      FRST:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
      Ran by Jordan (administrator) on JORDAN-PC (25-09-2016 17:39:21)
      Running from C:\Users\Jordan\Desktop
      Loaded Profiles: Jordan (Available Profiles: Jordan)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
      (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
      (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
      (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
      () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
      (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
      HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
      HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
      HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
      HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-08] (Spotify Ltd)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [911248 2011-03-21] (Samsung)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-03-21] (Samsung Electronics Co., Ltd.)
      HKU\S-1-5-21-1466031636-3715157435-865888265-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-03-21] ()
      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3B3DB352-DB9E-47B4-BDA0-F812F6180C6E}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================
      BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
      BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
      BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
      Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
      Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
      Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)

      FireFox:
      ========
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
      FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
      FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
      FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems) FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-08] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi Chrome: ======= CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default [2016-09-25] CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-03] CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-03] CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-03] CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-03] CHR Extension: (Adobe Acrobat) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-10] CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-03] CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-03] CHR Extension: (AdBlock) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-25] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03] CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-03] CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKU\S-1-5-21-1466031636-3715157435-865888265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.) 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) S3 HIDMiniport; C:\Windows\System32\DRIVERS\HIDMiniport.sys [7744 2016-09-03] () S3 HIDWiimote; C:\Windows\System32\DRIVERS\HIDWiimote.sys [25232 2016-09-03] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-10] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-10] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-10] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-10] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab) S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA 
Corporation) S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.) S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich) R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-25 17:38 - 2016-09-25 17:39 - 00037111 _____ C:\Users\Jordan\Desktop\Addition.txt 2016-09-25 17:37 - 2016-09-25 17:39 - 00020857 _____ C:\Users\Jordan\Desktop\FRST.txt 2016-09-25 17:37 - 2016-09-25 17:39 - 00000000 ____D C:\FRST 2016-09-25 17:37 - 2016-09-25 17:37 - 02403328 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe 2016-09-20 20:37 - 2016-08-05 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-09-20 20:37 - 2016-08-05 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-09-20 01:07 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-09-20 01:07 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-09-20 01:07 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-09-20 01:07 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-09-20 01:07 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-09-20 01:07 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-09-20 01:07 - 2016-08-31 22:46 - 00341504 _____ (Microsoft 
2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-09-20 01:06 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2016-09-20 01:06 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-09-20 01:06 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2016-09-20 01:06 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-09-20 01:06 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-09-20 01:06 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-09-20 01:06 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-09-20 01:06 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-09-20 01:06 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-09-20 01:06 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-09-20 01:06 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-09-20 01:06 - 
2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-09-20 01:06 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-09-20 01:06 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-09-20 01:06 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-09-20 01:06 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-09-20 01:06 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-09-20 01:06 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-09-20 01:06 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-09-20 01:06 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-09-20 01:06 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-09-20 01:06 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-09-20 01:06 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-09-20 01:06 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-09-20 01:06 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-09-20 01:06 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-09-20 01:06 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-09-20 01:06 - 2016-05-04 13:17 - 03244032 _____ 
(Microsoft Corporation) C:\Windows\system32\msi.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-09-20 01:06 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-09-20 01:06 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-09-20 01:06 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-09-20 01:06 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-09-20 01:06 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-09-19 23:44 - 2016-09-19 23:44 - 00001029 _____ C:\Users\Public\Desktop\ImagePrinter Pro.lnk 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Users\Jordan\AppData\Local\ImagePrinter Pro 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImagePrinter Pro 2016-09-19 23:44 - 2016-09-19 23:44 - 00000000 ____D C:\Program Files\Code Industry 2016-09-19 23:44 - 2016-03-05 15:06 - 00024576 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localmon.dll 2016-09-19 23:44 - 2016-03-05 15:06 - 00015872 _____ (Copyright (c) 2011 Code Industry LTD) C:\Windows\system32\img_localui.dll 2016-09-19 23:38 - 2016-09-19 23:39 - 26370968 _____ (Code Industry Ltd. 
) C:\Users\Jordan\Downloads\ImagePrinterPro-setup.exe 2016-09-19 12:55 - 2016-09-19 12:55 - 130294103 _____ C:\Users\Jordan\Downloads\fluid-soundfont.tar.gz 2016-09-19 12:55 - 2016-09-19 12:55 - 01378550 _____ (Igor Pavlov) C:\Users\Jordan\Downloads\7z1602-x64.exe 2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-09-19 12:55 - 2016-09-19 12:55 - 00000000 ____D C:\Program Files\7-Zip 2016-09-19 12:24 - 2016-09-19 12:24 - 00000000 ____D C:\Users\Jordan\.oracle_jre_usage 2016-09-19 12:22 - 2016-09-19 12:22 - 00000000 ____D C:\3129df33e7798561b508 2016-09-19 12:00 - 2016-09-19 12:00 - 00001757 _____ C:\Users\Public\Desktop\Finale.lnk 2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2016-09-19 12:00 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2016-09-19 11:59 - 2016-09-19 12:00 - 00000000 ____D C:\Program Files\Finale 2016-09-19 11:59 - 2016-09-19 11:59 - 00000000 ____D C:\ProgramData\MakeMusic 2016-09-19 11:53 - 2016-09-19 11:54 - 330460368 _____ ( ) C:\Users\Jordan\Downloads\FinaleDemoSetup.exe 2016-09-19 02:07 - 2016-09-19 02:07 - 00000481 _____ C:\Windows\demdata.txt 2016-09-18 22:02 - 2016-09-18 22:02 - 00000000 ____D C:\a0b924c5655de52555 2016-09-16 09:22 - 2016-09-16 09:22 - 00164231 _____ C:\Users\Jordan\Documents\Colleen Deacon flyer.pdf 2016-09-16 09:22 - 2016-09-16 09:22 - 00000000 ____D C:\Users\Jordan\Documents\Custom Office Templates 2016-09-11 23:55 - 2016-09-11 23:55 - 00000000 ____D C:\Users\Jordan\Documents\Pinnacle 2016-09-10 14:17 - 2016-09-10 14:17 - 00002150 _____ C:\Users\Public\Desktop\Safe Money.lnk 2016-09-10 14:17 - 2016-09-10 14:17 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2016-09-10 14:17 - 2016-09-10 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2016-09-10 14:16 - 2016-09-10 14:36 
- 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-09-10 14:16 - 2016-09-10 14:16 - 00000000 ____D C:\Windows\ELAMBKUP 2016-09-10 14:16 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-09-10 14:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2016-09-10 14:11 - 2016-09-10 14:11 - 177912864 _____ (Kaspersky Lab) C:\Users\Jordan\Downloads\kis17.0.0.611en_10755.exe 2016-09-10 14:07 - 2016-09-10 14:07 - 06662856 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.21.0_win64-setup.exe 2016-09-08 23:55 - 2016-09-08 23:55 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Synthesia 2016-09-08 23:19 - 2016-09-08 23:19 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia.lnk 2016-09-08 23:19 - 2016-09-08 23:19 - 00001901 _____ C:\Users\Public\Desktop\Synthesia.lnk 2016-09-08 23:19 - 2016-09-08 23:19 - 00000000 ____D C:\Program Files (x86)\Synthesia 2016-09-08 23:17 - 2016-09-08 23:17 - 03786784 _____ (Synthesia LLC) C:\Users\Jordan\Downloads\Synthesia-10.2-installer.exe 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files\M-Audio 2016-09-08 23:16 - 2016-09-08 23:16 - 00000000 ____D C:\Program Files (x86)\M-Audio 2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141 2016-09-08 23:15 - 2016-09-08 23:15 - 00000000 ____D C:\ProgramData\AVID 2016-09-08 23:13 - 2016-09-08 23:13 - 10454301 _____ C:\Users\Jordan\Downloads\MIDISport_Installer_6_1_3_Driver_5_10_0_5141.zip 2016-09-08 22:55 - 2016-09-08 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase Shift 2016-09-08 22:52 - 2016-09-08 23:01 - 00000000 ____D C:\Program Files (x86)\Phase Shift 2016-09-08 22:52 - 2016-09-08 22:52 - 99789162 _____ 
C:\Users\Jordan\Downloads\ps_release_1.27_lite.exe 2016-09-03 17:04 - 2016-09-03 18:05 - 00000000 ____D C:\Users\Jordan\Documents\Madden NFL 08 2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 __RHD C:\Users\Jordan\AppData\Roaming\SecuROM 2016-09-03 17:03 - 2016-09-03 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports 2016-09-03 16:58 - 2016-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\EA Sports 2016-09-03 16:13 - 2016-09-03 16:13 - 06806328 _____ (Shaul Eizikovich ) C:\Users\Jordan\Downloads\vJoySetup.exe 2016-09-03 16:13 - 2016-02-03 12:24 - 00056440 _____ (Shaul Eizikovich) C:\Windows\system32\Drivers\vjoy.sys 2016-09-03 16:13 - 2016-02-03 12:24 - 00017336 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys 2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0} 2016-09-03 16:12 - 2016-09-03 16:12 - 00003046 _____ C:\Windows\System32\Tasks\{3620B627-84D3-4CBC-80C0-AF3BA95C485F} 2016-09-03 15:44 - 2016-09-03 15:44 - 00000431 _____ C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config 2016-09-03 15:42 - 2016-09-03 16:03 - 00000000 ____D C:\Program Files\WiinUSoft 2016-09-03 15:42 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys 2016-09-03 15:38 - 2016-09-03 15:38 - 48273181 _____ (Justin Keys ) C:\Users\Jordan\Downloads\wiinusoft_2.1.234_setup.exe 2016-09-03 15:35 - 2016-09-03 15:35 - 00947241 _____ C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit.zip 2016-09-03 15:35 - 2016-09-03 15:35 - 00000000 ____D C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit 2016-09-03 15:29 - 2016-09-03 15:29 - 00000000 ____D C:\Users\Jordan\Documents\Dolphin Emulator 2016-09-03 15:25 - 2016-09-03 15:26 - 19327064 _____ C:\Users\Jordan\Downloads\dolphin-x64-5.0.exe 2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ____D C:\Users\Jordan\AppData\Local\ElevatedDiagnostics 2016-09-03 14:30 - 2016-09-03 14:30 
- 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_HIDWiimote_01009.Wdf 2016-09-03 14:29 - 2016-09-03 14:29 - 00000000 ____D C:\Program Files\DIFX 2016-09-03 14:28 - 2016-09-03 14:28 - 00000000 ____D C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit 2016-09-03 14:19 - 2016-09-03 14:19 - 02022811 _____ C:\Users\Jordan\Downloads\HID-Wiimote_Win-7-8-8.1-10_64Bit.zip 2016-09-03 14:17 - 2016-09-03 14:17 - 03207238 _____ C:\Users\Jordan\Downloads\a32162543a53a6e2e42686f6f464ab7d 2016-09-03 14:17 - 2016-09-03 14:17 - 00134270 _____ C:\Users\Jordan\Downloads\0e8b216bff4b9d5e4f0c679375b5b66e ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-25 17:20 - 2016-08-03 22:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-25 17:19 - 2016-08-05 23:01 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2016-09-25 17:18 - 2016-08-05 22:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-25 17:11 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-25 17:04 - 2016-08-08 17:20 - 00000000 ___RD C:\Users\Jordan\Google Drive 2016-09-25 17:03 - 2016-08-08 13:33 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-25 17:03 - 2016-08-04 05:33 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-25 17:03 - 2016-08-03 22:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-25 17:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-24 18:23 - 2016-08-06 00:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-23 23:36 - 2016-08-14 18:58 - 00000000 ____D C:\Users\Jordan\Documents\Finale Files 
2016-09-20 20:49 - 2016-08-03 23:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-20 20:48 - 2016-08-03 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-09-20 20:35 - 2009-07-14 01:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-20 20:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-09-20 11:05 - 2009-07-14 00:45 - 00520024 _____ C:\Windows\system32\FNTCACHE.DAT 2016-09-20 00:59 - 2016-08-08 19:16 - 00000000 ____D C:\Users\Jordan\temp 2016-09-20 00:48 - 2016-08-08 17:50 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI 2016-09-20 00:46 - 2016-08-08 18:02 - 00000000 ____D C:\Users\Jordan\AppData\Local\Avid 2016-09-20 00:11 - 2016-08-08 18:02 - 00001008 _____ C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt 2016-09-20 00:03 - 2016-08-08 20:46 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps 2016-09-19 23:50 - 2016-08-08 19:17 - 00006144 _____ C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-09-19 22:14 - 2016-08-22 00:19 - 00000600 _____ C:\Users\Jordan\AppData\Local\PUTTY.RND 2016-09-19 22:14 - 2016-08-22 00:14 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\FileZilla 2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify 2016-09-19 14:08 - 2016-08-08 21:12 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify 2016-09-19 12:24 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan 2016-09-19 12:09 - 2016-08-20 21:23 - 00000000 ____D C:\Program Files (x86)\Finale 2010 2016-09-19 12:07 - 2016-08-03 22:09 - 00153376 _____ C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT 2016-09-19 11:58 - 2016-08-04 05:30 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-19 11:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-09-18 22:21 - 2016-08-03 22:10 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-18 22:21 - 2016-08-03 22:10 - 00002183 
_____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-09-18 22:07 - 2016-08-08 19:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-12 23:09 - 2016-08-14 18:57 - 00000000 ____D C:\Program Files (x86)\Finale 2014.5 2016-09-12 22:13 - 2016-08-01 08:53 - 00000000 ____D C:\Users\Jordan\AppData\Local\VirtualStore 2016-09-12 18:34 - 2016-08-21 09:28 - 00000000 ____D C:\ProgramData\TEMP 2016-09-10 14:36 - 2016-06-20 17:29 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys 2016-09-10 14:36 - 2016-06-02 22:39 - 00126360 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys 2016-09-10 14:33 - 2016-06-20 17:51 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-09-10 14:19 - 2016-08-05 23:01 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-10 14:18 - 2016-08-05 22:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-09-10 14:16 - 2016-08-05 22:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2016-09-08 10:44 - 2016-08-22 00:24 - 00000000 ____D C:\Users\Jordan\Documents\SU NILDRR Research Project 2016-09-03 16:56 - 2016-08-14 23:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-09-03 15:25 - 2016-08-08 20:51 - 00000000 ____D C:\Users\Public\Documents\FsPassengers 2016-09-03 14:28 - 2016-03-03 14:41 - 00025232 _____ C:\Windows\system32\Drivers\HIDWiimote.sys 2016-09-03 14:28 - 2016-03-03 14:41 - 00007744 _____ C:\Windows\system32\Drivers\HIDMiniport.sys ==================== Files in the root of some directories ======= 2016-08-08 18:02 - 2016-09-20 00:11 - 0001008 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt 2016-09-03 15:44 - 2016-09-03 15:44 - 0000431 _____ () C:\Users\Jordan\AppData\Roaming\WiinUSoft_prefs.config 2016-08-08 18:02 - 2016-09-20 00:59 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log 2016-08-08 18:02 - 2016-09-20 00:45 - 0000676 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log 
2016-08-08 19:17 - 2016-09-19 23:50 - 0006144 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-22 00:19 - 2016-09-19 22:14 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\AutoRun.exe
C:\Users\Jordan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jordan\AppData\Local\Temp\drm_dyndata_7330011.dll
C:\Users\Jordan\AppData\Local\Temp\EAInstall.dll
C:\Users\Jordan\AppData\Local\Temp\madden_inst.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2016-09-12 19:19

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jordan (25-09-2016 17:39:33)
Running from C:\Users\Jordan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-01 12:53:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1466031636-3715157435-865888265-500 - Administrator - Disabled)
Guest (S-1-5-21-1466031636-3715157435-865888265-501 - Limited - Disabled)
Jordan (S-1-5-21-1466031636-3715157435-865888265-1000 - Administrator - Enabled) => C:\Users\Jordan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Task: {962AF98D-44FB-46FD-B4D2-F7F80DE31CD5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation) Task: {BBF864F3-8507-4FA6-A5B2-95D94CEDCAFF} - System32\Tasks\{38529C00-6B47-4D74-9062-D289D6496CF0} => C:\Users\Jordan\Downloads\WiinUPro Beta 7.1 64-Bit\WiinUPro Beta 7.1 64-Bit\WiinUPro.exe [2016-09-03] () Task: {C36A89F9-793F-4433-9D0B-7021DFE09A55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {D68100E6-C929-4806-BFD9-06166D606B75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.) Task: {D961528C-1B46-4F1C-8578-C5043DB405DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {DB7100B3-7719-4057-B5DF-1F911639133C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {EFDBB2BC-AEB7-45E2-9768-86E73EE83341} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-08-04 05:31 - 2016-07-10 19:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-08-03 23:23 - 2016-09-20 20:45 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-08-03 11:45 - 2016-08-03 11:45 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 
2011-03-21 11:57 - 2011-03-21 11:57 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 2016-09-18 22:21 - 2016-09-13 22:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll 2016-09-18 22:21 - 2016-09-13 22:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll 2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll 2016-08-04 05:33 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-08-08 13:33 - 2016-09-07 23:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-08-08 13:33 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-08-08 13:33 - 2016-09-20 15:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-08-08 13:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-08-08 13:33 - 2016-09-20 15:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-08-08 13:33 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00098816 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32api.pyd 2016-09-25 17:03 - 2016-09-25 
17:03 - 00110080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pywintypes27.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00364544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pythoncom27.dll 2016-09-25 17:03 - 2016-09-25 17:03 - 00320512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32com.shell.shell.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00776704 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_hashlib.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01176576 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._core_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00806400 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._gdi_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00816128 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._windows_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01067008 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._controls_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00733184 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._misc_.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00682496 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pysqlite2._sqlite.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ctypes.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00119808 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32file.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00108544 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32security.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00007168 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\hashobjs_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00017920 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\thumbnails_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00088064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\usb_ext.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00012800 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\common.time34.pyd 2016-09-25 17:03 - 2016-09-25 
17:03 - 00018432 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32event.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00167936 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32gui.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00046080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_socket.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 01208320 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_ssl.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00128512 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_elementtree.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00127488 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\pyexpat.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00038912 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32inet.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00036864 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_psutil_windows.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00525208 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\windows._lib_cacheinvalidation.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00011264 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32crypt.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00077312 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._html2.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00027136 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_multiprocessing.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00020480 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\_yappi.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00035840 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32process.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00686080 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\unicodedata.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00078848 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._animate.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00123392 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\wx._wizard.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 
00024064 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pipe.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00010240 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\select.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00025600 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32pdh.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00017408 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32profile.pyd 2016-09-25 17:03 - 2016-09-25 17:03 - 00022528 ____R () C:\Users\Jordan\AppData\Local\Temp\_MEI41842\win32ts.pyd 2016-08-22 20:08 - 2016-08-22 20:08 - 00055816 _____ () C:\Users\Jordan\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll 2016-08-08 13:33 - 2016-08-04 16:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [212] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1466031636-3715157435-865888265-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BF59ACA1-3D3A-4AFF-9F11-4EA1F5D26493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{69BFF4B4-C284-4F08-92AA-C59B144782BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{89AB3BB3-B9B6-4319-9246-0D22CD7A6B93}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{39AD32C3-0F5C-4790-86B7-66F621380E8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{142BD102-7E4E-43F4-A809-E6E9FE8D7D63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{1E67B3CC-A0B9-436E-8883-3FC1A7496860}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2257C3ED-8F7E-4B3D-911A-A040B7BF0BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5E7982C6-04A1-4E23-BA6D-E44E7F3A7B15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{33066F06-A818-4487-870C-6E058DD2DFD7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3C535198-2E60-4696-8366-C59E9CC33470}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{293E7EBF-BF06-45F2-BE5B-15A75129C6CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{6EF2B778-3670-4CB5-A93C-77A256080C51}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9071145F-39AF-4B15-9D48-5CC7F2FDDA23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{025DD1CF-84DF-4DF0-B708-AA664B19A20B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{56519AEA-C6DA-4ED5-AB86-62E93FDE8A05}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{5446968C-D235-4C26-B7DD-9DD3EFB41672}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe FirewallRules: [{9384BB78-4C10-4E53-A72F-F4081E4C123B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{461AE6E2-5C7A-42A2-85CA-49C5E58AA4DF}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe FirewallRules: [{7A48ED72-57E6-468F-9CDB-B5DC318E54F4}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{D65D0E1F-63B8-4503-87E0-F299F849FE26}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe FirewallRules: [{F2A0A098-75C8-428B-8181-BE4B1B78DAF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C8E8454C-DBDB-419F-BA7D-ACCEB307B56F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5CD73A16-61D5-470A-BAF2-0DA8D829DB44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A6C5B532-3D4D-4A02-9389-DC199AE9DD19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2CD52EA7-912D-4783-A42C-4A40412E3C15}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{E86E914A-33E6-4759-879A-9B350C059557}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{D024D31D-BE3C-46F2-800E-18B196FC3D62}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{83B0E116-6B60-462E-90D6-E97CD6EC0C37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
==================== Restore Points ========================= 10-09-2016 14:58:25 Windows Update 12-09-2016 23:08:01 Removed Finale 2014.5 19-09-2016 11:56:13 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 19-09-2016 11:57:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 19-09-2016 11:57:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 19-09-2016 11:59:21 Installed Finale 20-09-2016 01:27:06 Windows Update 21-09-2016 00:57:45 Windows Update ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2016 05:04:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/24/2016 06:16:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (09/23/2016 08:05:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/23/2016 03:13:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/21/2016 10:33:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 08:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 08:30:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 11:06:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/20/2016 12:02:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1 Exception code: 0xc0000005 Fault offset: 0x5f856666 Faulting process id: 0x1880 Faulting application start time: 0x01d212f3b8ba6d65 Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe Faulting module path: Updater.api Report Id: 1dfbc06d-7ee7-11e6-ace4-e06995daf5de Error: (09/20/2016 12:02:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Acrobat.exe, version: 15.17.20050.61080, time stamp: 0x5774fb5a Faulting module name: Updater.api_unloaded, version: 0.0.0.0, time stamp: 0x5774f9f1 Exception code: 0xc0000005 Fault offset: 0x5f86861a Faulting process id: 0x1880 Faulting application start time: 0x01d212f3b8ba6d65 Faulting application path: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe Faulting module path: Updater.api Report Id: 1851ee62-7ee7-11e6-ace4-e06995daf5de System errors: ============= Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
Error: (09/23/2016 08:05:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (09/20/2016 11:11:26 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Error: (09/19/2016 10:26:24 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (09/18/2016 11:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP17.0.0 service. Error: (09/18/2016 09:58:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect. Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/13/2016 03:37:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect. Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/12/2016 09:03:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8172.31 MB
Available physical RAM: 5073.5 MB
Total Virtual: 16342.81 MB
Available Virtual: 12752.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:1224.66 GB) NTFS
Drive e: () (Fixed) (Total:149.04 GB) (Free:6.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 564EE687)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 48E2519E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  12. I have encountered these things before, posted on this forum and followed the instructions from other members and the scans always find something. I would imagine those would be PUPs, but I would just like to go through the removal process to be sure that my system has not been infected.
  13. Thanks! I noticed you did not provide me with any clean-up/removal instructions. Do I need to do anything else at this point except for obtaining an ad blocker?
  14. Encountered the following popup when visiting a video website. I know this is a scam, just want to check and see if there is any malware in my system. Ran MBAM with no threats detected.
  15. After conducting a full scan, Kaspersky reports no threats found. Here are the results from the MBAM Scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2016
Scan Time: 10:30 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.01.05
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jordan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386461
Time Elapsed: 12 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  16. I viewed another sketchy (adult) video and came across a potential malware/PUP attack that opened in a new tab and claimed to be from Microsoft (see first attached image) followed by another "ad" asking to install an HD Video player (see second attached image). I have become more self-aware that these pop-ups may not be malicious as they claim to be, but it's always a good idea to get it checked out.
  17. Thanks for bringing this to my attention. With these errors, I will go ahead and reformat the drive and then reinstall Windows on this computer.
  18. Here are the new logs.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Jordan (administrator) on JORDAN-NBNEW (16-02-2016 21:31:33)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Binary Fortress Software) C:\Program Files (x86)\TrayStatus\TrayStatus.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Capti\Win32launch.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files\Capti\jre\bin\java.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-21] (Dropbox, Inc.)HKU\S-1-5-21-422954117-2227666577-3556670457-1001\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [2700304 2015-11-04] (Binary Fortress Software)HKU\S-1-5-21-422954117-2227666577-3556670457-1001\...\Run: [spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-26] (Spotify Ltd)HKU\S-1-5-21-422954117-2227666577-3556670457-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)HKU\S-1-5-21-422954117-2227666577-3556670457-1001\...\MountPoints2: {4bf5b0ed-cb8c-11e5-9be5-2c56dc156805} - "F:\VZW_Software_upgrade_assistant.exe" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt4] -> 
{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files 
(x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Capti.lnk [2016-01-14]ShortcutTarget: Capti.lnk -> C:\Program Files\Capti\Win32launch.exe ()CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62Tcpip\..\Interfaces\{120f665d-109f-4a21-bef9-dca0e34e9842}: [DhcpNameServer] 209.18.47.61 8.8.8.8Tcpip\..\Interfaces\{1f5e3aad-3128-4ff7-856d-5d24467cd5a1}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-422954117-2227666577-3556670457-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTESearchScopes: HKU\S-1-5-21-422954117-2227666577-3556670457-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation)BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-25] (AO Kaspersky Lab)BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)Toolbar: HKLM - Kaspersky 
Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-25] (AO Kaspersky Lab)Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-25] (AO Kaspersky Lab)Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) FireFox:========FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-12] (LastPass)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-02-12] (LastPass)FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefoxFF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-25] Chrome: =======CHR DefaultSearchKeyword: Profile 2 -> lpCHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]CHR Extension: (Norton Security Toolbar) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-03]CHR 
Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]CHR Extension: (PocketSmith - Personal Cashflow Forecasting) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2015-12-26]CHR Extension: (Kaspersky Protection) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-25]CHR Extension: (Norton Home Page for Chrome) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-12-26]CHR Extension: (Google Calendar) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-12-26]CHR Extension: (Zotero Connector) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2015-12-26]CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-25]CHR Extension: (Readium) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-12-26]CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-25]CHR Extension: (Google Calendar (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-12-26]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-12-26]CHR Extension: (Google Keep - notes and lists) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-12-26]CHR Extension: (Page Ruler) - C:\Users\Jordan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-12-26]CHR Extension: (ChromeVox) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2015-12-26]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-30]CHR Extension: (Google Maps) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-12-26]CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-12-26]CHR Extension: (Norton Safe) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-12-26]CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-25]CHR Extension: (ColorPick Eyedropper) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2015-12-26]CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]CHR Extension: (Checker Plus for Google Drive™) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppfmbnpgflleackdcojndfgpiboghga [2015-12-26]CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 1CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-12]CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]CHR Extension: (YouTube) - 
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-12]CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-12]CHR Extension: (Strong Pass) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ggjgcpohakbfemgjfmoolgpnjpjcdmog [2016-02-04]CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-12]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-12]CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-12]CHR Extension: (ColorPick Eyedropper) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2016-02-06]CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-12]CHR Extension: (UniPass) - C:\Users\Jordan\Downloads\unipass-chrome-extension\unipass-chrome-extension [2016-02-09]CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkkaCHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-422954117-2227666577-3556670457-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jordan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-01-13]CHR HKU\S-1-5-21-422954117-2227666577-3556670457-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - 
hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkkaCHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-25] (Kaspersky Lab ZAO)R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-31] (Dropbox, Inc.)S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-31] (Dropbox, Inc.)R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370088 2015-08-13] (Intel Corporation)S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe 
[207648 2015-08-07] (Intel Corporation)S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.)S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-06-30] (ASUS Corporation)R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [50696 2015-08-16] (Intel Corporation)R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-25] (AO Kaspersky Lab)R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-25] (AO Kaspersky Lab)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-25] (AO Kaspersky Lab)R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-25] (AO Kaspersky Lab)R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-25] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)R3 MBAMProtector; 
C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-18] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-02-13 21:17 - 2016-02-13 21:17 - 00000000 ____D C:\Users\Jordan\AppData\LocalLow\Adobe2016-02-13 21:16 - 2016-02-13 21:16 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task2016-02-13 21:16 - 2016-02-13 21:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2016-02-13 21:16 - 2016-02-13 21:16 - 00002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk2016-02-13 21:15 - 2016-02-13 21:17 - 00000000 ____D C:\ProgramData\Adobe2016-02-13 21:15 - 2016-02-13 21:15 - 00000000 ____D C:\Program Files (x86)\Adobe2016-02-13 21:14 - 2016-02-13 21:17 - 00000000 ____D C:\Users\Jordan\AppData\Local\Adobe2016-02-12 12:31 - 2016-02-12 12:31 - 21405208 _____ (LastPass) C:\Users\Jordan\Downloads\lastpass_x64.exe2016-02-09 16:04 - 2016-02-09 16:04 - 00000000 ____D C:\Users\Jordan\Downloads\unipass-chrome-extension2016-02-09 15:42 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2016-02-09 15:42 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2016-02-09 15:42 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2016-02-09 15:42 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2016-02-09 15:42 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2016-02-09 15:42 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2016-02-09 15:42 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2016-02-09 15:42 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe2016-02-09 15:42 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2016-02-09 15:42 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2016-02-09 15:42 - 2016-01-27 00:57 - 00820704 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll2016-02-09 15:42 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2016-02-09 15:42 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll2016-02-09 15:42 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe2016-02-09 15:42 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll2016-02-09 15:42 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2016-02-09 15:42 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll2016-02-09 15:42 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2016-02-09 15:42 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll2016-02-09 15:42 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2016-02-09 15:42 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe2016-02-09 15:42 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll2016-02-09 15:42 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2016-02-09 15:42 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys2016-02-09 15:42 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll2016-02-09 15:42 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll2016-02-09 15:42 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll2016-02-09 15:42 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2016-02-09 15:42 - 2016-01-27 00:11 - 00118272 _____ 
      ==================== End of FRST.txt ============================

      Addition (attached) Addition.txt
  19. I really couldn't take a screenshot of the error message because I receive it as the computer is shutting down. However, I was able to take a picture of the error with my phone's camera. The image is attached.
  20. Here's the latest SecurityCheck log:

      Results of screen317's Security Check version 1.009
      x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Windows Defender
      Kaspersky Total Security
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Google Chrome (48.0.2564.103)
      Google Chrome (48.0.2564.97)
      ````````Process Check: objlist.exe by Laurent````````
      Kaspersky Lab Kaspersky Total Security 16.0.0 avp.exe
      Kaspersky Lab Kaspersky Total Security 16.0.0 avpui.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: %
      ````````````````````End of Log``````````````````````

      Also the Java error message still appears upon shutdown.
  21. Here's the log from the JavaRa:

      JavaRa 1.16 Removal Log.
      Report follows after line.
      ------------------------------------
      The JavaRa removal process was started on Sun Jan 31 22:53:06 2016
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
      There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      ------------------------------------
      Finished reporting.
  22. The only issue I am currently experiencing is an error I receive upon shutdown stating that Java could not start. Specifically, the message reads: "the application was unable to start correctly 0xc0000142."
  23. Here's the log:

      Results of screen317's Security Check version 1.009
      x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Windows Defender
      Kaspersky Total Security
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Google Chrome (47.0.2526.106)
      Google Chrome (47.0.2526.111)
      ````````Process Check: objlist.exe by Laurent````````
      Kaspersky Lab Kaspersky Total Security 16.0.0 avp.exe
      Kaspersky Lab Kaspersky Total Security 16.0.0 avpui.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: %
      ````````````````````End of Log``````````````````````
  24. Here's the log from ZOEK:

      Zoek.exe v5.0.0.1 Updated 31-December-2015
      Tool run by Jordan on Tue 01/19/2016 at 21:10:42.23.
      Microsoft Windows 10 Home 10.0.10586 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\Jordan\Desktop\zoek.exe [scan all users] [script inserted]

      ==== System Restore Info ======================
      1/19/2016 9:12:09 PM Zoek.exe System Restore Point Created Successfully.

      ==== Empty Folders Check ======================
      C:\PROGRA~3\boost_interprocess deleted successfully
      C:\PROGRA~3\Comms deleted successfully
      C:\Users\Jordan\AppData\Local\ActiveSync deleted successfully
      C:\Users\Jordan\AppData\Local\VirtualStore deleted successfully
      C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

      ==== Deleting CLSID Registry Keys ======================

      ==== Deleting CLSID Registry Values ======================

      ==== Deleting Services ======================

      ==== Batch Command(s) Run By Tool======================
      Windows IP Configuration
      Successfully flushed the DNS Resolver Cache.

      ==== Deleting Files \ Folders ======================
      C:\PROGRA~3\Package Cache deleted
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

      ==== Firefox Extensions Registry ======================
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
      "light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox" [12/25/2015 03:41 PM]

      ==== Chromium Look ======================
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka[]
      hdokiejnpimakedhajhdlcegeplioahd - No path found[]

      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      apdfllckaahabafndbhieahigkjlhalf - C:\Users\Jordan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[01/13/2016 11:01 AM]
      lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

      Norton Security Toolbar - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
      Norton Home Page for Chrome - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe
      Zotero Connector - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc
      Readium - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl
      LastPass - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
      Google Drive App Launcher - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
      Google Dictionary (by Google) - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
      Norton Safe Search as default for Chrome - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
      Checker Plus for Google Drive™ - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppfmbnpgflleackdcojndfgpiboghga
      LastPass - Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd

      ==== Chromium Fix ======================
      C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
      C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
      C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
      C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

      ==== Set IE to Default ======================
      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

      ==== All HKLM and HKCU SearchScopes ======================
      HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
      HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
      HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
      HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

      ==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=21 folders=17 17025257 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully 
emptiedC:\Users\Jordan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Tue 01/19/2016 at 21:48:34.89 ======================