Jump to content

Birini

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by Birini

  1. You probably don't care, but I'm getting the same redirect error on Opera now with ads blocked.
  2. I'd like to respectfully submit that there's something more happening with these. No one else that I know who uses Android/Chrome is seeing this yet I now see it every day (from different, unrelated sites). So I'll totally believe that Chrome is more open to the redirect but it seems they are somehow "targeting" me.
  3. Hi, I'm using a brand new Nexus 5X with Project Fi. I've had it about a week and I have only downloaded apps I trust: MLB at bat, Twitter, Steam, Blizzard Authenitcator, Microsoft account, and Clash of Clans. I've also been very careful about the sites I visit. (No Pirate Bay, no porn, etc.) Today I followed a link from twitter to mlbtraderumors.com and found myself staring at a buzzing phone with some sort of a "prize" as a Time Warner customer. (They are my ISP.) When I checked the history, I found the following: data:text/html;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgdXNlci1zY2FsYWJsZT1mYWxzZSwgaW5pdGlhbC1zY2FsZT0xLjAsIG1heGltdW0tc2NhbGU9MS4wIj48L2hlYWQ+PGJvZHk+PGRpdiBpZD0iaWZybSIgc3R5bGU9InBhZGRpbmc6MDsgbWFyZ2luOjA7Ij48aWZyYW1lIHNyYz0iaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL25vdGlmaWNhdGlvbmNlbnRlci91cy9pbnN0YW50d2lubmVyL2c5WFdOb01Kam5NSEN4bW54UHFqWWtORDd6US5odG1sP3NpZD05IiBzdHlsZT0idG9wOjA7IGxlZnQ6MDsgd2lkdGg6MTAwJTsgaGVpZ2h0OjEwMCU7IHBvc2l0aW9uOiBhYnNvbHV0ZTsgYm9yZGVyOjAiIHNjcm9sbGluZz0ieWVzIiBhbGxvd0Z1bGxTY3JlZW49InllcyI+PC9pZnJhbWU+PC9kaXY+PC9ib2R5PjwvaHRtbD4= Which decodes to his: <!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, user-scalable=false, initial-scale=1.0, maximum-scale=1.0"></head><body><div id="ifrm" style="padding:0; margin:0;"><iframe src="https://s3.amazonaws.com/notificationcenter/us/instantwinner/g9XWNoMJjnMHCxmnxPqjYkND7zQ.html?sid" style="top:0; left:0; width:100%; height:100%; position: absolute; border:0" scrolling="yes" allowFullScreen="yes"></iframe></div></body></html> I'm assuming I already have some sort of malware on the phone. Is there any way to get rid of it?
  4. I just tried to visit the malwarebytes blog but instead of typing "blog.malwarebytes.org" I typed "blog.malwarebyte.org." (no "s".) I prompty got redirected to "www.malwarecleaner.co." MBAE didn't detect anything and scans from both MBAM and my anti-virus (Webroot secure anywhere) came up clean. Has anyone else made this mistake? Did you get the same result? Do I have a hidden infection I need to deal with? Thanks
  5. It's been fine since that first problem. I'm assuming it was just something crazy in Windows.
  6. Yeah. It didn't find anything. The instructions said to post the log only " If any threats are found click Details, then View log file... (bottom left hand corner)" Running it again and I'll post the log when it's done.
  7. Sorry for the delay. Crazy week. I didn't get a hit on any of the 3. Logs for MBAM and Adware Cleaner. I'm assuming I either don't have a problem or an extremely new and cleverly built one. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 3/20/2016 Scan Time: 4:47 PM Logfile: MBAM log.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.03.20.05 Rootkit Database: v2016.03.12.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Mike Scan Type: Threat Scan Result: Completed Objects Scanned: 340184 Time Elapsed: 6 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) # AdwCleaner v5.102 - Logfile created 16/03/2016 at 14:00:50 # Updated 13/03/2016 by Xplode # Database : 2016-03-16.1 [Server] # Operating system : Windows 10 Home (x64) # Username : Mike - DESKTOP-36966RJ # Running from : C:\Users\Mike\Desktop\AdwCleaner.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [597 bytes] - [16/03/2016 14:00:50] ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [689 bytes] ##########
  8. I'm not sure what's going on here. I turned on my computer tonight -- after a few days of being away -- and when I tried to link to workplace's web outlook account, I instead got redirected to lotame.com. I did some Google digging, and it appears that's been associated with malware in the past. When I tried to run Malwarebytes, it didn't automatically update virus definitions. I did it manually, and it didn't find anything. I rebooted my computer and everything went away. That's good but I'm kinda concerned that something may be lurking in the background. I've attached the logs. Can you see a problem here: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Mike (administrator) on DESKTOP-36966RJ (15-03-2016 23:35:11) Running from C:\Users\Mike\Desktop Loaded Profiles: Mike (Available Profiles: Mike) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files\Webroot\WRSA.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\SysWOW64\ASGT.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (TODO: <Company name>) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe (Webroot) C:\ProgramData\WRData\PKG\npwebroot.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.) HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKU\S-1-5-21-1429111364-1358436674-1010729600-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-02-12] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{025a5f11-6f21-4265-9142-cf6afa6197cd}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-28] (Microsoft Corporation) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-12] (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2016-03-03] (Webroot) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-02-28] (Microsoft Corporation) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-12] (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2016-03-03] (Webroot) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-12] (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-12] (Webroot) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-28] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12] CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12] CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12] CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12] CHR Extension: (Adblock Plus) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08] CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12] CHR Extension: (Google Play Music) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-03-10] CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12] CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-12] CHR Extension: (Webroot Filtering Extension) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-03-10] CHR Extension: (Webroot Password Manager) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-02-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12] CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] () R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-08-18] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] () R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] () R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-24] (ASUSTeK Computer Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation) R3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek ) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-02-12] (Webroot) R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45592 2016-03-03] (Webroot) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-15 23:35 - 2016-03-15 23:35 - 00016286 _____ C:\Users\Mike\Desktop\FRST.txt 2016-03-15 23:35 - 2016-03-15 23:35 - 00000000 ____D C:\FRST 2016-03-15 23:32 - 2016-03-15 23:35 - 02374144 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe 2016-03-15 23:32 - 2016-03-15 23:32 - 02374144 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe 2016-03-13 15:28 - 2016-03-13 15:28 - 00000000 ____D C:\ProgramData\LogiShrd 2016-03-13 15:27 - 2016-03-13 15:27 - 00000000 ____D C:\Users\Mike\AppData\Local\Logitech 2016-03-13 15:26 - 2016-03-13 15:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2016-03-13 15:26 - 2016-03-13 15:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Logitech 2016-03-13 15:26 - 2016-03-13 15:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Logishrd 2016-03-13 15:26 - 2016-03-13 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-03-13 15:26 - 2016-03-13 15:26 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2016-03-13 15:25 - 2016-03-13 15:26 - 111797776 _____ (Logitech Inc.) C:\Users\Mike\Downloads\LGS_8.81.15_x64_Logitech.exe 2016-03-13 08:26 - 2016-03-13 08:26 - 00000022 _____ C:\Windows\GPU-Z.INI 2016-03-13 08:21 - 2016-03-13 08:21 - 00000000 ____D C:\Windows\LastGood.Tmp 2016-03-13 08:21 - 2016-03-13 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0 2016-03-13 08:21 - 2016-03-13 08:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-13 08:21 - 2016-03-08 01:05 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2016-03-13 08:21 - 2016-02-13 20:47 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll 2016-03-13 08:21 - 2016-02-13 20:46 - 00126232 _____ C:\Windows\system32\vulkan-1.dll 2016-03-13 08:21 - 2016-02-13 20:45 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe 2016-03-13 08:21 - 2016-02-13 20:45 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2016-03-13 08:20 - 2016-03-08 05:27 - 42968120 _____ C:\Windows\system32\nvcompiler.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 37609528 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 22971960 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 21322480 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 20863920 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 18906048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 17732960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 17368424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 17325400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 17320280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 10547128 _____ C:\Windows\system32\nvptxJitCompiler.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 08657936 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 02613696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 02257344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436451.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436451.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00955328 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00885184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00786872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00750016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00692160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00632152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00545632 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00448824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00385080 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00379296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00346560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00317656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2016-03-13 08:20 - 2016-03-08 05:27 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2016-03-12 15:04 - 2016-03-12 16:33 - 01761049 _____ C:\Users\Mike\Documents\The Gender Wage Gap AI.pptx 2016-03-12 15:03 - 2016-03-12 15:04 - 01800020 _____ C:\Users\Mike\Downloads\The Gender Wage Gap Job Market.pptx 2016-03-09 13:22 - 2016-03-09 13:53 - 00019722 _____ C:\Users\Mike\Documents\enrollrates1910.dta 2016-03-08 23:46 - 2016-03-03 07:16 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436447.dll 2016-03-08 23:46 - 2016-03-03 07:16 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436447.dll 2016-03-08 23:46 - 2016-03-03 07:16 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json 2016-03-08 23:46 - 2016-03-03 07:16 - 00000139 _____ C:\Windows\system32\nv-vk64.json 2016-03-08 21:47 - 2016-03-09 13:24 - 00000827 _____ C:\Users\Mike\Documents\first stage enrollment.do 2016-03-08 21:46 - 2016-03-08 21:54 - 00015343 _____ C:\Users\Mike\Documents\enrollment1910.dta 2016-03-08 15:55 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2016-03-08 15:55 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2016-03-08 15:55 - 2016-02-24 04:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-03-08 15:55 - 2016-02-24 04:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-03-08 15:55 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-03-08 15:55 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll 2016-03-08 15:55 - 2016-02-24 04:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-03-08 15:55 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-03-08 15:55 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe 2016-03-08 15:55 - 2016-02-24 03:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll 2016-03-08 15:55 - 2016-02-24 03:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-03-08 15:55 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe 2016-03-08 15:55 - 2016-02-24 03:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2016-03-08 15:55 - 2016-02-24 03:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys 2016-03-08 15:55 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll 2016-03-08 15:55 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2016-03-08 15:55 - 2016-02-24 01:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll 2016-03-08 15:55 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll 2016-03-08 15:55 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll 2016-03-08 15:55 - 2016-02-24 01:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2016-03-08 15:55 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll 2016-03-08 15:55 - 2016-02-24 01:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2016-03-08 15:55 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll 2016-03-08 15:55 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll 2016-03-08 15:55 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll 2016-03-08 15:55 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe 2016-03-08 15:55 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll 2016-03-08 15:55 - 2016-02-24 01:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll 2016-03-08 15:55 - 2016-02-24 01:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-08 15:55 - 2016-02-24 01:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll 2016-03-08 15:55 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll 2016-03-08 15:55 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll 2016-03-08 15:55 - 2016-02-24 00:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2016-03-08 15:55 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2016-03-08 15:55 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-03-08 15:55 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-03-08 15:55 - 2016-02-24 00:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-03-08 15:55 - 2016-02-24 00:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-03-08 15:55 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-03-08 15:55 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-08 15:55 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2016-03-08 15:55 - 2016-02-23 23:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2016-03-08 15:54 - 2016-02-24 04:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-03-08 15:54 - 2016-02-24 04:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-03-08 15:54 - 2016-02-24 04:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-03-08 15:54 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-03-08 15:54 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2016-03-08 15:54 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll 2016-03-08 15:54 - 2016-02-24 03:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-03-08 15:54 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe 2016-03-08 15:54 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-03-08 15:54 - 2016-02-24 03:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll 2016-03-08 15:54 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-03-08 15:54 - 2016-02-24 03:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-03-08 15:54 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll 2016-03-08 15:54 - 2016-02-24 03:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2016-03-08 15:54 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2016-03-08 15:54 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2016-03-08 15:54 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-03-08 15:54 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll 2016-03-08 15:54 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll 2016-03-08 15:54 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll 2016-03-08 15:54 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll 2016-03-08 15:54 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll 2016-03-08 15:54 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll 2016-03-08 15:54 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2016-03-08 15:54 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll 2016-03-08 15:54 - 2016-02-24 02:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-03-08 15:54 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2016-03-08 15:54 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2016-03-08 15:54 - 2016-02-24 02:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-03-08 15:54 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll 2016-03-08 15:54 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll 2016-03-08 15:54 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-03-08 15:54 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll 2016-03-08 15:54 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll 2016-03-08 15:54 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll 2016-03-08 15:54 - 2016-02-24 02:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll 2016-03-08 15:54 - 2016-02-24 02:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll 2016-03-08 15:54 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll 2016-03-08 15:54 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-03-08 15:54 - 2016-02-24 02:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-03-08 15:54 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll 2016-03-08 15:54 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll 2016-03-08 15:54 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll 2016-03-08 15:54 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll 2016-03-08 15:54 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll 2016-03-08 15:54 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll 2016-03-08 15:54 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll 2016-03-08 15:54 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll 2016-03-08 15:54 - 2016-02-24 02:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2016-03-08 15:54 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-03-08 15:54 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll 2016-03-08 15:54 - 2016-02-24 02:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2016-03-08 15:54 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll 2016-03-08 15:54 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll 2016-03-08 15:54 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll 2016-03-08 15:54 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll 2016-03-08 15:54 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll 2016-03-08 15:54 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll 2016-03-08 15:54 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll 2016-03-08 15:54 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll 2016-03-08 15:54 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll 2016-03-08 15:54 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll 2016-03-08 15:54 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2016-03-08 15:54 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll 2016-03-08 15:54 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe 2016-03-08 15:54 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll 2016-03-08 15:54 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll 2016-03-08 15:54 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll 2016-03-08 15:54 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll 2016-03-08 15:54 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll 2016-03-08 15:54 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-03-08 15:54 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll 2016-03-08 15:54 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-03-08 15:54 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll 2016-03-08 15:54 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll 2016-03-08 15:54 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll 2016-03-08 15:54 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll 2016-03-08 15:54 - 2016-02-24 01:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2016-03-08 15:54 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll 2016-03-08 15:54 - 2016-02-24 01:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll 2016-03-08 15:54 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-08 15:54 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll 2016-03-08 15:54 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll 2016-03-08 15:54 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll 2016-03-08 15:54 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe 2016-03-08 15:54 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-03-08 15:54 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll 2016-03-08 15:54 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll 2016-03-08 15:54 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll 2016-03-08 15:54 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll 2016-03-08 15:54 - 2016-02-24 01:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2016-03-08 15:54 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll 2016-03-08 15:54 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll 2016-03-08 15:54 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll 2016-03-08 15:54 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll 2016-03-08 15:54 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll 2016-03-08 15:54 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll 2016-03-08 15:54 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll 2016-03-08 15:54 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll 2016-03-08 15:54 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll 2016-03-08 15:54 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll 2016-03-08 15:54 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2016-03-08 15:54 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll 2016-03-08 15:54 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll 2016-03-08 15:54 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2016-03-08 15:54 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll 2016-03-08 15:54 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll 2016-03-08 15:54 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll 2016-03-08 15:54 - 2016-02-24 00:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2016-03-08 15:54 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll 2016-03-08 15:54 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll 2016-03-08 00:11 - 2016-03-08 00:12 - 00004963 _____ C:\Users\Mike\Documents\law rural skilled farmer same base dropped obs occ_controls quadratic.do 2016-03-08 00:02 - 2016-03-08 00:02 - 00004920 _____ C:\Users\Mike\Documents\law rural skilled farmer same base dropped obs occ_controls.do 2016-03-07 23:58 - 2016-03-08 00:18 - 00036512 _____ C:\Users\Mike\Documents\SchoolAccess_Tables_Controls 2.xlsx 2016-03-07 20:07 - 2016-03-09 13:53 - 00038116 _____ C:\Users\Mike\Documents\enroll rates fixed.xlsx 2016-03-05 19:40 - 2016-03-05 19:40 - 00000222 _____ C:\Users\Mike\Desktop\Grim Dawn.url 2016-03-05 17:49 - 2016-03-10 01:11 - 00027916 _____ C:\Users\Mike\Documents\SchoolAccess_chart_fixed.xlsx 2016-03-05 17:38 - 2016-03-05 17:38 - 00000294 _____ C:\Users\Mike\Documents\first stage test.do 2016-03-05 17:11 - 2016-03-05 17:13 - 00004920 _____ C:\Users\Mike\Documents\law rural skilled farmer same base dropped obs occ_countrols.do 2016-03-05 17:03 - 2016-03-06 23:02 - 00003719 _____ C:\Users\Mike\Documents\access compare individual groups dropped obs.do 2016-03-05 16:20 - 2016-03-05 21:45 - 00015968 _____ C:\Users\Mike\Downloads\tax rates fixed.xlsx 2016-03-04 20:30 - 2016-03-08 00:14 - 00003311 _____ C:\Users\Mike\Documents\access compare groups dropped obs.do 2016-03-04 20:12 - 2016-03-05 17:20 - 00003673 _____ C:\Users\Mike\Documents\access county chart dropped obs.do 2016-03-04 19:46 - 2016-03-04 19:46 - 00012258 _____ C:\Users\Mike\Documents\tax rates.xlsx 2016-03-04 19:22 - 2016-03-05 16:55 - 00004487 _____ C:\Users\Mike\Documents\law rural skilled farmer same base dropped obs.do 2016-03-04 19:21 - 2016-03-09 13:53 - 00006770 _____ C:\Users\Mike\Documents\taxratesstarted.dta 2016-03-04 18:54 - 2016-03-05 16:25 - 00000704 _____ C:\Users\Mike\Documents\taxratesetup.do 2016-03-04 18:45 - 2016-03-05 16:24 - 00005033 _____ C:\Users\Mike\Documents\taxrates.dta 2016-03-04 18:37 - 2016-03-04 19:45 - 00012262 _____ C:\Users\Mike\Downloads\tax rates.xlsx 2016-03-03 22:47 - 2016-03-07 01:07 - 00012708 _____ C:\Users\Mike\Documents\comparing DD groupings.xlsx 2016-03-03 15:14 - 2016-03-03 15:14 - 00005694 _____ C:\Users\Mike\Documents\law revenue rural RPC skilled farmer restricted.do 2016-03-03 15:10 - 2016-03-03 15:12 - 00004440 _____ C:\Users\Mike\Documents\law rural skilled farmer same base.do 2016-03-02 22:50 - 2016-03-05 17:39 - 00001722 _____ C:\Users\Mike\Documents\Trends schoolaccess compare.do 2016-03-02 20:48 - 2016-03-03 23:25 - 00002069 _____ C:\Users\Mike\Documents\access county chart.do 2016-03-02 20:16 - 2016-03-03 04:15 - 00004383 _____ C:\Users\Mike\Documents\law rural skilled farmer quadratic.do 2016-03-02 19:59 - 2016-03-03 04:15 - 00001235 _____ C:\Users\Mike\Documents\attendance first stage.do 2016-03-02 17:52 - 2016-03-02 21:38 - 00002751 _____ C:\Users\Mike\Documents\access compare groups.do 2016-03-02 13:19 - 2016-03-02 13:19 - 00195550 _____ C:\Users\Mike\Downloads\Moody_Evals_2015.pdf 2016-03-02 13:19 - 2016-03-02 13:19 - 00124395 _____ C:\Users\Mike\Downloads\WV Cover Letter.pdf 2016-03-01 17:26 - 2016-02-23 06:27 - 02654872 _____ C:\Windows\system32\CoreUIComponents.dll 2016-03-01 17:26 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2016-03-01 17:26 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-03-01 17:26 - 2016-02-23 05:34 - 01859960 _____ C:\Windows\SysWOW64\CoreUIComponents.dll 2016-03-01 17:26 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-03-01 17:26 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2016-03-01 17:26 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2016-03-01 17:26 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2016-03-01 17:26 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2016-03-01 17:26 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2016-03-01 17:26 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2016-03-01 17:26 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-03-01 17:26 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2016-03-01 17:26 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-03-01 17:26 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2016-03-01 17:26 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2016-03-01 17:26 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-03-01 17:26 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-03-01 17:26 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll 2016-03-01 17:26 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-03-01 17:26 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2016-03-01 17:26 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll 2016-03-01 17:26 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll 2016-03-01 17:26 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2016-03-01 17:26 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2016-03-01 17:26 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll 2016-03-01 17:26 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-03-01 17:26 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll 2016-03-01 17:26 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll 2016-03-01 17:26 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll 2016-03-01 17:26 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll 2016-03-01 17:26 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-03-01 17:26 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-03-01 17:26 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll 2016-03-01 17:26 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll 2016-03-01 17:26 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2016-03-01 17:26 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-03-01 17:26 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-03-01 17:26 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-03-01 17:26 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2016-03-01 17:26 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2016-03-01 17:26 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-03-01 17:26 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2016-03-01 17:26 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-03-01 17:26 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-03-01 17:26 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2016-03-01 17:26 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll 2016-03-01 17:26 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2016-03-01 17:26 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2016-03-01 17:25 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-03-01 17:25 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-03-01 17:25 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-03-01 17:25 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-03-01 17:25 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys 2016-03-01 17:25 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll 2016-03-01 17:25 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2016-03-01 17:25 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2016-03-01 17:25 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2016-03-01 17:25 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2016-03-01 17:25 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll 2016-03-01 17:25 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll 2016-03-01 17:25 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll 2016-03-01 17:25 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll 2016-03-01 17:25 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-03-01 17:25 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll 2016-03-01 17:25 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-03-01 17:25 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-03-01 17:25 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2016-03-01 17:25 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2016-03-01 17:25 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll 2016-03-01 17:25 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll 2016-03-01 17:25 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll 2016-03-01 17:25 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2016-03-01 17:25 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-03-01 17:25 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll 2016-03-01 17:25 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2016-03-01 17:25 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSave.dll 2016-03-01 17:25 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys 2016-03-01 17:25 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys 2016-03-01 17:25 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll 2016-03-01 17:25 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\provpackageapidll.dll 2016-03-01 17:25 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll 2016-03-01 17:25 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe 2016-03-01 17:25 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll 2016-03-01 17:25 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll 2016-03-01 17:25 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2016-03-01 17:25 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-03-01 17:25 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll 2016-03-01 17:25 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\irmon.dll 2016-03-01 17:25 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe 2016-03-01 17:25 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys 2016-03-01 17:25 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll 2016-03-01 17:25 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll 2016-03-01 17:25 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe 2016-03-01 17:25 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe 2016-03-01 17:25 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll 2016-03-01 17:25 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll 2016-03-01 17:25 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll 2016-03-01 17:25 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll 2016-03-01 17:25 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll 2016-03-01 17:25 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll 2016-03-01 17:25 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll 2016-03-01 17:25 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2016-03-01 17:25 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll 2016-03-01 17:25 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll 2016-03-01 17:25 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2016-03-01 17:25 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll 2016-03-01 17:25 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe 2016-03-01 17:25 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2016-03-01 17:25 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll 2016-03-01 17:25 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe 2016-03-01 17:25 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2016-03-01 17:25 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll 2016-03-01 17:25 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-03-01 17:25 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll 2016-03-01 17:25 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll 2016-03-01 17:25 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-03-01 17:25 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll 2016-03-01 17:25 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2016-03-01 17:25 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll 2016-03-01 17:25 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll 2016-03-01 17:25 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe 2016-03-01 17:25 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2016-03-01 17:25 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2016-03-01 17:25 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2016-03-01 17:25 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2016-03-01 17:25 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll 2016-03-01 17:25 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll 2016-03-01 17:25 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2016-03-01 17:25 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe 2016-03-01 17:25 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll 2016-03-01 17:25 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2016-03-01 17:25 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2016-03-01 17:25 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2016-03-01 17:25 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-03-01 17:25 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll 2016-03-01 17:25 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll 2016-03-01 17:25 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll 2016-03-01 17:25 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll 2016-03-01 17:25 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll 2016-03-01 17:25 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll 2016-03-01 17:25 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll 2016-03-01 17:25 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll 2016-03-01 17:25 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll 2016-03-01 17:25 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-03-01 17:25 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2016-03-01 17:25 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2016-03-01 17:25 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll 2016-03-01 17:25 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-03-01 17:25 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2016-03-01 17:25 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll 2016-03-01 17:25 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2016-03-01 17:25 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2016-03-01 17:25 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll 2016-03-01 17:25 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll 2016-03-01 17:25 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-03-01 17:25 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll 2016-03-01 17:25 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2016-03-01 17:25 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll 2016-03-01 17:25 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll 2016-03-01 17:25 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2016-03-01 17:25 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll 2016-03-01 17:25 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2016-03-01 17:25 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2016-03-01 17:25 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll 2016-03-01 17:25 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-03-01 17:25 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2016-03-01 17:25 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2016-03-01 17:25 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2016-03-01 17:25 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll 2016-03-01 17:25 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2016-03-01 17:25 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll 2016-03-01 17:25 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2016-03-01 17:25 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2016-03-01 17:25 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2016-03-01 17:25 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2016-03-01 17:25 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll 2016-03-01 17:25 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll 2016-03-01 17:25 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe 2016-03-01 15:51 - 2016-03-01 15:51 - 00284144 _____ C:\Users\Mike\Downloads\2016-03-01 - The Donald and The Terminator - WSJ.pdf 2016-02-29 17:56 - 2016-02-29 17:56 - 00090070 _____ C:\Users\Mike\Downloads\CV 216.pdf 2016-02-29 17:56 - 2016-02-29 17:56 - 00052019 _____ C:\Users\Mike\Downloads\DePauw.pdf 2016-02-29 17:56 - 2016-02-29 17:56 - 00042778 _____ C:\Users\Mike\Downloads\Teaching Statement.pdf 2016-02-29 17:55 - 2016-02-29 17:55 - 00789805 _____ C:\Users\Mike\Downloads\Transcripts.pdf 2016-02-29 16:09 - 2016-02-29 16:09 - 00000222 _____ C:\Users\Mike\Desktop\Marvel Heroes 2016.url 2016-02-29 15:55 - 2016-02-29 15:55 - 11833463 _____ C:\Users\Mike\Documents\teachers_1926_1935_gender.dta 2016-02-29 15:00 - 2016-02-29 15:00 - 00000000 ____D C:\Users\Mike\AppData\Local\Microsoft Help 2016-02-29 13:54 - 2016-02-29 16:36 - 08163449 _____ C:\Users\Mike\Documents\teacher_gender_MMedits_macros_all.xlsm 2016-02-28 12:39 - 2016-02-28 17:21 - 00116013 _____ C:\Users\Mike\Documents\Moody_GenderWageGap2016.pdf 2016-02-27 21:12 - 2016-02-27 21:12 - 00000222 _____ C:\Users\Mike\Desktop\Alien Isolation.url 2016-02-27 20:51 - 2016-02-27 20:51 - 00000000 ____D C:\Users\Mike\AppData\Local\The Lord of the Rings Online 2016-02-27 20:48 - 2016-03-01 21:10 - 00000000 ____D C:\Users\Mike\Documents\The Lord of the Rings Online 2016-02-27 20:48 - 2016-02-27 20:50 - 00000000 ____D C:\Users\Mike\AppData\Local\Turbine 2016-02-27 20:48 - 2016-02-27 20:48 - 00000000 ____D C:\Users\Mike\AppData\Local\ApplicationHistory 2016-02-27 20:47 - 2016-02-27 20:47 - 00896880 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-02-27 20:47 - 2016-02-27 20:47 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP 2016-02-27 20:19 - 2016-02-27 20:47 - 00000226 _____ C:\Users\Mike\Desktop\The Lord of the Rings Online.url 2016-02-27 19:41 - 2016-03-05 15:36 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2016-02-27 19:41 - 2016-02-27 19:41 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-02-27 19:41 - 2016-02-27 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-02-27 19:41 - 2016-02-27 19:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2016-02-27 19:40 - 2016-02-27 19:40 - 30510920 _____ C:\Users\Mike\Downloads\vlc-2.2.2-win32.exe 2016-02-26 19:06 - 2016-02-26 19:06 - 00629087 _____ C:\Users\Mike\Downloads\Statement_Feb 2016.pdf 2016-02-25 23:39 - 2016-02-25 23:39 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Macromedia 2016-02-25 23:26 - 2016-02-25 23:26 - 00112004 _____ C:\Users\Mike\Documents\Moody_CFT_Letter_2016.pdf 2016-02-23 21:47 - 2016-02-23 21:50 - 00114369 _____ C:\Users\Mike\Documents\SchoolAccess_1page.pdf 2016-02-22 02:48 - 2016-02-22 02:48 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\Mike\Downloads\ffxivsetup_ft.exe 2016-02-21 21:43 - 2016-02-21 21:44 - 00000000 ____D C:\Users\Mike\AppData\Roaming\RIFT 2016-02-21 21:43 - 2016-02-21 21:43 - 00000000 ____D C:\Users\Mike\Documents\RIFT 2016-02-21 20:53 - 2016-02-21 20:53 - 00000221 _____ C:\Users\Mike\Desktop\RIFT.url 2016-02-21 16:11 - 2016-02-22 01:13 - 00034875 _____ C:\Users\Mike\Documents\SchoolAccess_Tables_Controls.xlsx 2016-02-21 01:50 - 2016-02-21 01:50 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Sony Online Entertainment 2016-02-21 01:47 - 2016-02-21 01:47 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Daybreak Game Company 2016-02-21 01:47 - 2016-02-21 01:47 - 00000000 ____D C:\Users\Mike\AppData\Local\SCE 2016-02-21 01:47 - 2016-02-21 01:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Daybreak Game Company 2016-02-21 00:53 - 2016-02-21 00:53 - 00000222 _____ C:\Users\Mike\Desktop\EverQuest II.url 2016-02-21 00:02 - 2016-02-21 00:02 - 02993208 _____ (Blizzard Entertainment) C:\Users\Mike\Downloads\World-of-Warcraft-Setup.exe 2016-02-20 20:21 - 2016-02-21 17:19 - 00004340 _____ C:\Users\Mike\Documents\law rural skilled farmer.do 2016-02-20 20:14 - 2016-02-21 19:17 - 00005594 _____ C:\Users\Mike\Documents\law revenue rural RPC skilled farmer.do 2016-02-20 13:11 - 2016-02-20 13:11 - 00000000 ____D C:\Users\Mike\AppData\Local\Downloaded Installations 2016-02-20 13:11 - 2016-02-20 13:11 - 00000000 ____D C:\Program Files (x86)\AMD 2016-02-20 01:09 - 2016-02-09 03:25 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436191.dll 2016-02-20 01:09 - 2016-02-09 03:25 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436191.dll 2016-02-19 12:41 - 2016-02-19 12:44 - 00005452 _____ C:\Users\Mike\Documents\law revenue rural RPC 3.do 2016-02-19 01:39 - 2016-02-19 02:01 - 00005189 _____ C:\Users\Mike\Documents\law revenue rural RPC 2.do 2016-02-19 01:27 - 2016-02-19 01:48 - 00004982 _____ C:\Users\Mike\Documents\law revenue rural RPC.do 2016-02-17 20:25 - 2016-02-19 17:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\NVIDIA 2016-02-17 18:38 - 2016-03-15 22:58 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CD66DD56-1613-4094-BF75-97D153DBF394} 2016-02-17 17:55 - 2016-02-19 01:59 - 00005866 _____ C:\Users\Mike\Documents\law rural.do 2016-02-17 17:53 - 2016-02-18 14:31 - 00004823 _____ C:\Users\Mike\Documents\law revenue rural.do 2016-02-17 11:13 - 2016-02-17 11:13 - 00006226 _____ C:\Users\Mike\Downloads\xdm_iframe 2016-02-16 17:01 - 2016-02-18 14:33 - 00025915 _____ C:\Users\Mike\Documents\SchoolAccess_Tables.xlsx 2016-02-16 15:51 - 2016-02-16 18:44 - 00004733 _____ C:\Users\Mike\Documents\law revenue.do 2016-02-16 14:33 - 2016-02-16 14:33 - 00000000 ____D C:\Stata11 2016-02-15 19:26 - 2016-03-01 20:34 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps 2016-02-14 17:58 - 2016-02-14 17:58 - 00000000 ____D C:\Users\Mike\AppData\Local\My Games ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-15 23:28 - 2016-02-12 02:22 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-15 23:28 - 2016-02-12 02:22 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-15 23:28 - 2016-02-12 02:22 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-15 23:27 - 2016-02-12 02:31 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-03-15 23:21 - 2016-02-12 02:07 - 00891772 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-15 23:21 - 2015-10-30 02:21 - 00000000 ____D C:\Windows\INF 2016-03-15 23:17 - 2016-02-12 12:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-15 23:15 - 2016-02-12 02:34 - 00000000 ____D C:\Program Files (x86)\Steam 2016-03-15 23:15 - 2016-02-12 02:24 - 00000000 ____D C:\ProgramData\WRData 2016-03-15 23:15 - 2016-02-12 02:22 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-15 23:15 - 2016-02-12 02:08 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-15 23:15 - 2016-02-12 02:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-15 23:14 - 2015-10-30 01:28 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-03-15 23:08 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-15 23:07 - 2016-02-12 01:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-03-15 23:00 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-15 23:00 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\AppReadiness 2016-03-13 17:33 - 2016-02-12 01:19 - 00000000 ____D C:\Users\Mike\Documents\Cover Letters 2016-03-13 08:21 - 2016-02-12 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-13 08:20 - 2016-02-12 02:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-12 15:04 - 2016-02-12 02:03 - 00000000 ____D C:\Users\Mike\AppData\Local\Packages 2016-03-11 11:45 - 2015-10-30 02:11 - 00000000 ____D C:\Windows\CbsTemp 2016-03-11 00:04 - 2016-02-12 02:05 - 00002364 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-03-11 00:04 - 2016-02-12 02:05 - 00000000 ___RD C:\Users\Mike\OneDrive 2016-03-09 22:19 - 2015-07-13 21:45 - 12653504 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-03-08 23:16 - 2016-02-12 02:00 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-08 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-03-08 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-03-08 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-03-08 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-03-08 16:36 - 2016-02-12 11:11 - 00000000 ____D C:\Windows\system32\MRT 2016-03-08 16:33 - 2016-02-12 11:11 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-08 05:27 - 2016-02-12 02:18 - 14226864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2016-03-08 05:27 - 2016-02-12 02:18 - 03259176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2016-03-08 05:27 - 2015-07-13 21:45 - 20061152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2016-03-08 05:27 - 2015-07-13 21:45 - 03681672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2016-03-08 05:27 - 2015-07-13 21:45 - 00037702 _____ C:\Windows\system32\nvinfo.pb 2016-03-08 02:12 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-08 02:12 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-08 01:42 - 2016-02-12 02:25 - 00530880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2016-03-08 01:42 - 2016-02-12 02:25 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2016-03-08 01:42 - 2016-02-12 02:08 - 06371384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2016-03-08 01:42 - 2016-02-12 02:08 - 02992576 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2016-03-08 01:42 - 2016-02-12 02:08 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2016-03-08 01:42 - 2016-02-12 02:08 - 01264064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2016-03-08 01:42 - 2016-02-12 02:08 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2016-03-08 01:42 - 2016-02-12 02:08 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2016-03-06 23:22 - 2016-02-12 02:08 - 06203411 _____ C:\Windows\system32\nvcoproc.bin 2016-03-06 12:31 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\rescache 2016-03-06 02:23 - 2016-02-12 02:03 - 00000000 ____D C:\Users\Mike 2016-03-05 19:46 - 2016-02-12 02:07 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-05 19:46 - 2016-02-12 01:19 - 00000000 ____D C:\Users\Mike\Documents\my games 2016-03-05 19:40 - 2016-02-12 23:28 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-03-05 19:15 - 2016-02-12 01:20 - 00001630 _____ C:\Users\Mike\Documents\Trends schoolaccess.do 2016-03-03 12:02 - 2016-02-12 02:24 - 00045592 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys 2016-03-03 12:02 - 2016-02-12 02:03 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-03-03 04:16 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 __RSD C:\Windows\Media 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PurchaseDialog 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\appraiser 2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\bcastdvr 2016-03-03 04:16 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-03-03 04:16 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Dism 2016-02-27 20:47 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Registration 2016-02-27 12:57 - 2016-02-12 02:24 - 00181688 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2016-02-27 12:57 - 2016-02-12 02:24 - 00117304 _____ (Webroot) C:\Windows\system32\WRusr.dll 2016-02-24 11:53 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\appcompat 2016-02-21 17:18 - 2016-02-12 01:20 - 00020926 _____ C:\Users\Mike\Documents\SchoolAccess_chart.xlsx 2016-02-20 20:44 - 2016-02-12 01:20 - 00000000 ____D C:\Users\Mike\Documents\Witcher 2 2016-02-20 01:07 - 2016-02-12 02:20 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2016-02-20 01:07 - 2016-02-12 02:17 - 00000000 ____D C:\Users\Mike\AppData\Local\NVIDIA 2016-02-17 01:40 - 2016-02-12 02:29 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2016-02-17 01:40 - 2016-02-12 02:20 - 01903344 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2016-02-17 01:40 - 2016-02-12 02:20 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2016-02-17 01:40 - 2016-02-12 02:20 - 01571624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2016-02-17 01:40 - 2016-02-12 02:20 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2016-02-16 15:50 - 2016-02-12 01:20 - 00005776 _____ C:\Users\Mike\Documents\law.do 2016-02-14 02:07 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\F12 2016-02-14 02:07 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2016-02-14 02:07 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\oobe 2016-02-14 02:07 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Provisioning 2016-02-14 01:02 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared ==================== Files in the root of some directories ======= 2016-02-12 02:25 - 2016-02-12 02:25 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe 2016-02-12 02:16 - 2016-02-12 02:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Mike\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Mike\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Mike\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-12 09:25 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Mike (2016-03-15 23:35:30) Running from C:\Users\Mike\Desktop Windows 10 Home Version 1511 (X64) (2016-02-12 07:03:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1429111364-1358436674-1010729600-500 - Administrator - Disabled) ASPNET (S-1-5-21-1429111364-1358436674-1010729600-1002 - Limited - Enabled) DefaultAccount (S-1-5-21-1429111364-1358436674-1010729600-503 - Limited - Disabled) Guest (S-1-5-21-1429111364-1358436674-1010729600-501 - Limited - Disabled) Mike (S-1-5-21-1429111364-1358436674-1010729600-1001 - Administrator - Enabled) => C:\Users\Mike ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly) ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.8.3 - ASUSTek COMPUTER INC.) ASUS GPU TweakII (x32 Version: 1.1.8.3 - ASUSTek COMPUTER INC.) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EverQuest II (HKLM-x32\...\Steam App 201230) (Version: - Daybreak Games) EverQuest II (HKU\S-1-5-21-1429111364-1358436674-1010729600-1001\...\DG0-EverQuest II) (Version: - Sony Online Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Grim Dawn (HKLM-x32\...\Steam App 219990) (Version: - Crate Entertainment) Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.) Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marvel Heroes 2016 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6568.2036 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation) NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation) NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.) RIFT (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds) SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version: - Turbine, Inc.) The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.) The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1429111364-1358436674-1010729600-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {064AE2B4-6E5C-4B8A-A866-B349862377BA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-08] (Microsoft Corporation) Task: {07003FC3-E830-4FF8-AA88-098A04FABA28} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {33D171ED-2D7E-4A31-AC4B-5E6824100064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.) Task: {343017F2-0ABD-47AD-82A5-73DDE0DFFECC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-03-02] (Microsoft Corporation) Task: {4D98B594-5188-451A-BF43-57383F96402C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {6D7FC98F-37FD-44D1-A81D-DC8C7E51F1D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-03-02] (Microsoft Corporation) Task: {752941B7-BE67-4FDA-97AB-52A6DE4C7573} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.) Task: {BFADB90F-EA4E-48AC-8212-E702D7D0C4F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-08] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-02-12 02:08 - 2016-03-08 01:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-18 23:31 - 2015-08-18 23:31 - 00048640 _____ () C:\Windows\SysWOW64\ASGT.exe 2016-02-12 02:10 - 2013-07-04 04:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2016-02-12 01:03 - 2016-02-28 02:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-02-20 01:07 - 2016-02-17 01:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-02-12 02:29 - 2016-02-17 01:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-02-20 01:07 - 2016-02-17 01:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-03-01 17:26 - 2016-02-23 06:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-03-01 17:26 - 2016-02-23 06:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-03-15 23:06 - 2016-02-28 05:22 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-02-12 11:09 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-01 17:25 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-02-12 11:10 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-02-12 11:10 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-12 11:10 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-12 11:10 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-02-12 00:54 - 2016-02-12 00:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-02-17 18:01 - 2016-02-17 18:01 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-02-17 18:01 - 2016-02-17 18:01 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2016-02-12 02:10 - 2016-03-15 23:15 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2016-02-12 02:10 - 2013-07-04 04:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2015-12-02 16:30 - 2015-12-02 16:30 - 00065536 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll 2016-01-18 12:10 - 2016-01-18 12:10 - 01946624 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll 2016-02-12 00:54 - 2016-02-12 00:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-02-12 00:54 - 2016-02-12 00:54 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-02-12 02:20 - 2016-02-17 02:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-02-12 01:11 - 2016-02-09 20:17 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-02-12 01:11 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-02-12 01:11 - 2016-03-10 14:02 - 02547792 _____ () C:\Program Files (x86)\Steam\video.dll 2016-02-12 01:11 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-02-12 01:11 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-02-12 01:11 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-02-12 01:11 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-02-12 01:11 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-02-12 01:11 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-02-12 01:11 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-02-12 01:11 - 2016-03-10 14:02 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-08 23:03 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-02-12 01:11 - 2016-02-08 20:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2016-02-19 16:29 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-19 16:29 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1429111364-1358436674-1010729600-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{5C704ADD-163C-4839-8BAC-4D3A3B1A7746}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2599E921-9F2B-4688-8EBD-43015DBA0624}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{837913C0-35CD-4992-9E0A-DFC9BFA177E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{BFDDFBED-39B2-4CCA-AD94-6669A4D441A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B622F3A6-6DE5-480F-A7B0-5D01D4CCD5CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{ECDAA4A3-2583-49AC-9524-3F551D83EEA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{82C1FCC7-A03E-41A0-BFE3-10D175D94A5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A8DEDFC7-CA9E-4BC3-B5F1-7BA61E4A3AE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{616ABFF8-A54D-4BBA-B8BD-5C5AD7F1896E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5ACF67FF-DEAB-4459-A7AB-B8A5B54CB443}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{07F13A38-6BC7-473A-AF49-3A24851CC786}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{50E5C0EF-AD00-4002-AE8C-DBC4AF1F151F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{F3B6E220-8771-4392-85AF-BE5FAA148F40}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{987C3211-A7A3-407D-B94A-652BED375B42}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{859F382E-D06A-4264-A671-2E638DED368C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{AF3ED838-0BF4-4663-B2F1-43F331E02A4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{93720AA7-CBB2-4DB3-80E9-4474DFCD2F86}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [UDP Query User{00BA1F4E-2F5C-44E6-8D4F-20A4ECCD3826}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [TCP Query User{F2F1AF52-DAD0-48AD-96ED-F619B4F157C2}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe FirewallRules: [UDP Query User{3D259168-CA33-414C-B680-4657D069ECE2}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe FirewallRules: [{A9AFA1E1-1214-4833-B139-DD932B1A3EAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe FirewallRules: [{9ACCA7D7-758A-45B0-B2D8-D1ADA8C7402D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe FirewallRules: [{227B8C9D-B063-437C-8C38-96E3427DAC25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{C85EA16F-3F83-4615-A863-4E14906E7EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{2109C80F-537C-425B-9D87-6E99C2D76E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe FirewallRules: [{6B7F65C7-A308-4CDF-B99F-550A71EF03C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe FirewallRules: [{AC69D7ED-4CA2-4FCA-B94B-725E7D45FCCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe FirewallRules: [{1C43DA14-4C12-46AE-AFA2-C92ED6482A6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe FirewallRules: [TCP Query User{03BC1B30-EAF3-4A64-AF7B-A48F4FDC35DA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe FirewallRules: [UDP Query User{E35186F7-0A73-4B48-9E8A-2087094CF4D7}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe FirewallRules: [TCP Query User{7BBB14B8-BB5D-4589-8A77-2EBD4E7B5EA9}C:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [UDP Query User{B41730A4-3B1C-4048-8383-77955D0FAF75}C:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe FirewallRules: [{EE101166-B99A-47A4-8A2C-AE0EE7096206}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EverQuest 2\LaunchPad.exe FirewallRules: [{4129581B-932E-44B2-9460-97DD5CF9793A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EverQuest 2\LaunchPad.exe FirewallRules: [{3F6DD1B3-E86A-46D2-8610-EE51B63F8939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIFT\riftpatchlive.exe FirewallRules: [{3BAD6D06-A824-40B6-9A92-4F3208CA7953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIFT\riftpatchlive.exe FirewallRules: [{E16E18EB-E1D2-4E88-B374-08AC8B33A142}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe FirewallRules: [{92CE2E22-040D-4388-8415-9DF00238BABA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe FirewallRules: [TCP Query User{D2FECD13-2158-4DDA-8C9E-7A74785240ED}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe FirewallRules: [UDP Query User{784CC759-A26C-4AFF-8420-118D703B8F0B}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe FirewallRules: [{D025B427-C4DC-4823-8005-293AEC0C959B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{83028BBA-C1CD-4EE6-8378-5B5D6780F9E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [TCP Query User{72593D42-A03F-4E70-9AA5-46184FFDE1C0}C:\program files (x86)\steam\steamapps\common\mytheon\mytheonclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mytheon\mytheonclient.exe FirewallRules: [UDP Query User{D02ADD29-7DE2-4BBD-A6D1-6C5905F9305F}C:\program files (x86)\steam\steamapps\common\mytheon\mytheonclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mytheon\mytheonclient.exe FirewallRules: [{7F8D4D33-EEF0-4217-B969-BA5F41E84E98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [{737436AE-C6D9-4A68-A32F-0A383F4F61B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [{E49BFA83-0780-427E-875A-71E8D97DA658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe FirewallRules: [{F6B11D45-4652-4E0C-9D18-1C27619D3662}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe FirewallRules: [TCP Query User{42A0FFA6-6315-4C4C-A794-5C3060A99605}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{67A09E6B-4C1E-493E-B378-C742C42EC5C2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{9AB0632D-0573-477D-984E-5E0ACE843B3E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 27-02-2016 14:17:27 Installed DirectX 29-02-2016 16:36:49 Installed DirectX 05-03-2016 19:46:02 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11-03-2016 11:44:43 Windows Update 13-03-2016 15:26:32 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 13-03-2016 15:26:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/13/2016 03:26:47 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/13/2016 03:26:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (03/13/2016 03:26:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (03/12/2016 08:23:51 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/11/2016 04:40:38 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/11/2016 11:44:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (03/08/2016 11:50:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-36966RJ) Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Error: (03/08/2016 04:36:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/06/2016 11:55:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BatmanAC.exe version 1.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2e4c Start Time: 01d177c8bb077edf Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe Report Id: 3daa8540-e3bc-11e5-8ce1-10c37b94ee25 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2016 07:46:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . System errors: ============= Error: (03/15/2016 11:14:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_2366f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/15/2016 11:14:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (03/15/2016 11:08:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/15/2016 10:55:31 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:37:16 AM on ‎3/‎14/‎2016 was unexpected. Error: (03/15/2016 10:55:24 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 32212256844750233830481880 Error: (03/13/2016 08:03:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_24d19 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/13/2016 08:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (03/13/2016 06:04:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_248e1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/13/2016 06:04:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (03/13/2016 04:05:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_26979 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-03-15 23:07:57.759 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-12 14:01:48.806 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-11 13:57:24.522 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-08 22:16:56.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-03 11:02:02.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-02 10:51:37.683 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 21:12:51.030 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-22 20:40:01.721 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-19 18:26:19.349 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-18 23:43:29.583 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz Percentage of memory in use: 16% Total physical RAM: 16326.99 MB Available physical RAM: 13578.16 MB Total Virtual: 18758.99 MB Available Virtual: 15676.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.27 GB) (Free:90.19 GB) NTFS Drive e: (TOSHIBA EXT) (Fixed) (Total:2794.52 GB) (Free:1595.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C82B65EE) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End of Addition.txt ============================
  9. The blog has a story about a new version of Cyptowall "in the wild." I'm just curious: has MBAE been tested against this yet? Does it stop it or have the hackers (temporarily) figured out a way around MBAE?
  10. I'm still having problems but I'm convinced it ins't malware. Or if it is it's brutally well designed malware.
  11. Let me know if you see something in the logs or have an obvious thing to check. If not, I have a theory on the Captchas that are unrelated to Malware. Thanks for all your help.
  12. If it helps, I rand sfc /scannow to see if there was OS corruption and got these messages at the end: 2015-10-21 23:00:36, Info CSI 00005120 [sR] Verify complete2015-10-21 23:00:36, Info CSI 00005121 [sR] Repairing 1 components2015-10-21 23:00:36, Info CSI 00005122 [sR] Beginning Verify and Repair transaction2015-10-21 23:00:36, Info CSI 00005123 [sR] Repairing corrupted file [ml:114{57},l:112{56}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs"\[l:20{10}]"Search.lnk" from store2015-10-21 23:00:36, Info CSI 00005124 [DIRSD OWNER WARNING] Directory [ml:98{49},l:96{48}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search" is not owned but specifies SDDL in component Microsoft-Windows-UI-Search, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35} 2015-10-21 23:00:36, Info CSI 00005125 [DIRSD OWNER WARNING] Directory [ml:112{56},l:110{55}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\Images" is not owned but specifies SDDL in component Microsoft-Windows-UI-Search, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35} 2015-10-21 23:00:36, Info CSI 00005126 Warning - Overlap: Duplicate ownership for directory [l:96{48}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35} 2015-10-21 23:00:36, Info CSI 00005127 Warning - Overlap: Duplicate ownership for directory [l:124{62}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\XAMLTemplates" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35} 2015-10-21 23:00:36, Info CSI 00005128 Warning - Overlap: Duplicate ownership for directory [l:110{55}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\Images" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
  13. Not sure if it's connected but it was definitely weird. Just had Chrome go "back" two pages and crash to the desktop on me. Then there was a message on the screen asking me if I wanted to give MBAM permission to open but before I could cleck anything, it went away, and kept flashing on the screen. Any ideas what might be happening? I don't see any errors in Event Viewer that might be associated with it.
  14. For now seems to be working. Out of curiosity, what did you notice that was wrong and how did you fix it?
  15. Huh. Nevermind on Outlook. That appears to be an odd coincidence unrelated to anything else here. It started happening on another computer on another network.
  16. This also seems to have broken Outlook Web Access. It won't load properly on Chrome any more. It just keeps loading.
  17. Run. Log is below. One thing: as soon as the AV was back on, it identified zoek-delete.exe as a Trojan. Is that just part of the reason to shut down the AV before running ZOEK? zoek-results.txt
  18. Thanks so much for the fast reply. I have a question that hopefully won't break the "there are no stupid questions" rule right off the bat: can I unplug my computer from the Internet while the av is disabled or does ZOEK need a connection?
  19. I have Webroot Secure Anywhere and MBAM free running and neither one detects a problem. Yet I still fairly regularly get Captchas when trying to do a Google search. Looking at Resource Monitor today, I noticed that chrome was connecting to compute-1.amazonaws.com, which appears to be associated with Malware. There's also something going on with normal shutdowns being tagged as "unexpected." A few days ago instead of a straight boot I got "Windows is scanning and repairing drive C." When I try to paste the logs I'm told the post is too long so they're attached.FRST.txtAddition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.