
Possible infection need help

This is a discussion on Possible infection need help within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 05-02-2016, 09:12 PM   #1
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Hi, I am brand new to the forum. I think that my computer has some adware or virus, I am not sure. A couple of times while using the web I have clicked on a link and it pops up with a window warning me of a virus and to call a number. I am pretty sure this is just a scam, and the only way to close the window without it making more was by force quitting Chrome or Internet Explorer. I don't want any kind of spyware or virus on my computer, so I scanned with my Windows Defender. I don't remember it finding anything, and if it did, the problem still occurred again. So I installed a program called Malwarebytes Anti-Malware. It gave me a 14 day free trial for the full version, which blocks internet pop-ups. This did the trick, kinda. It did scan and found some stuff that I used the program to quarantine then delete. Is there any way to make sure my computer is 100% free from any harmful program or software etc.? The problem occurred while I had the anti-malware stuff, but I think it was because the program wasn't running at the time. Pls HELP
nblaster is offline  
 
Old 05-02-2016, 11:50 PM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello and Welcome to TSF,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan.
Once the Scan is done, select Cleaning.
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 05-03-2016, 05:07 AM   #3
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



# AdwCleaner v5.115 - Logfile created 03/05/2016 at 06:57:44
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : Nathan - NATHAN-PC
# Running from : C:\Users\Nathan\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon Browser Settings

***** [ Files ] *****

[-] File Deleted : C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Key Deleted : HKCU\Software\distromatic
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy]
[-] Data Restored : HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\Software\Microsoft\Internet Explorer\Main [SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy]

***** [ Web browsers ] *****

[-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
[-] [C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3681 bytes] - [20/04/2016 18:04:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1442 bytes] - [20/04/2016 21:25:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [1971 bytes] - [03/05/2016 06:57:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [4392 bytes] - [20/04/2016 18:03:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [1588 bytes] - [20/04/2016 21:24:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [2545 bytes] - [03/05/2016 06:55:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [2616 bytes] - [03/05/2016 06:56:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2336 bytes] ##########





Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
Ran by Nathan (administrator) on NATHAN-PC (03-05-2016 07:02:50)
Running from C:\Users\Nathan\Desktop
Loaded Profiles: Nathan (Available Profiles: Nathan & Steven & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Users\Nathan\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Nathan\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15003256 2015-09-19] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122336 2014-08-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\RunOnce: [Uninstall C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\MountPoints2: {6322f636-6c73-11e5-8d80-806e6f6e6963} - "D:\Startup.exe"
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-09-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-09-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-09-26]
ShortcutTarget: Curse.lnk -> C:\Users\Nathan\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{4b6c1949-9120-49b8-9328-0467e2363861}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4090265111-1262118858-1950374410-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-25] (LastPass)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-25] (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-25] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-25] (LastPass)

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-25] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-25] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-20] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ARC Welder) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-03-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-01]
CHR Extension: (ARC Welder) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138720 2014-08-12] (Portrait Displays, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-19] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-24] (Overwolf LTD)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4255232 2016-02-15] (A-Volute) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2015-09-25] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 L1C; C:\Windows\System32\drivers\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-29] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-20] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 X6va060; \??\C:\WINDOWS\SysWOW64\Drivers\X6va060 [21208 2015-11-07] ()
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 07:02 - 2016-05-03 07:03 - 00021406 _____ C:\Users\Nathan\Desktop\FRST.txt
2016-05-03 07:02 - 2016-05-03 07:02 - 00000000 ____D C:\FRST
2016-05-03 07:01 - 2016-05-03 07:02 - 02377216 _____ (Farbar) C:\Users\Nathan\Desktop\FRST64.exe
2016-05-03 07:01 - 2016-05-03 07:01 - 02377216 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2016-05-03 06:53 - 2016-05-03 06:53 - 03615296 _____ C:\Users\Nathan\Desktop\AdwCleaner.exe
2016-05-02 23:24 - 2016-05-02 23:24 - 00008950 _____ C:\Users\Nathan\Desktop\attach.txt
2016-05-02 23:24 - 2016-05-02 23:23 - 00037084 _____ C:\Users\Nathan\Desktop\dds.txt
2016-05-02 23:23 - 2016-05-02 23:23 - 00688992 ____R (Swearware) C:\Users\Nathan\Downloads\dds.scr
2016-05-02 22:29 - 2016-05-02 22:29 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-05-02 21:49 - 2016-05-02 22:41 - 00000000 ____D C:\Users\Nathan\Documents\Ableton
2016-05-02 21:48 - 2016-05-02 22:34 - 00000398 __RSH C:\ProgramData\ntuser.pol
2016-05-02 21:48 - 2016-05-02 22:09 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Ableton
2016-05-02 21:48 - 2016-05-02 21:48 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-05-02 21:47 - 2016-05-02 23:17 - 00000000 ____D C:\ProgramData\Ableton
2016-05-02 21:05 - 2016-05-02 21:05 - 00000000 ____D C:\WINDOWS\LastGood
2016-05-02 21:05 - 2016-03-21 15:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-02 21:05 - 2016-03-21 15:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-02 21:04 - 2016-05-02 21:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-04-30 11:24 - 2016-04-30 11:24 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-04-24 16:45 - 2016-04-24 16:45 - 00146862 _____ C:\Users\Nathan\Downloads\Phylogenetic_trees_click_learn_worksheet.pdf
2016-04-20 21:53 - 2016-05-03 06:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 21:52 - 2016-04-20 21:52 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-20 21:52 - 2016-04-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-20 21:52 - 2016-04-20 21:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 21:52 - 2016-04-20 21:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-20 21:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-20 21:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-20 21:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-20 21:50 - 2016-05-03 06:58 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 21:50 - 2016-05-03 06:55 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 21:50 - 2016-05-02 21:56 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 21:50 - 2016-04-20 21:50 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-20 21:50 - 2016-04-20 21:50 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-20 21:50 - 2016-04-20 21:50 - 00000000 ____D C:\Users\Nathan\AppData\Local\Deployment
2016-04-20 21:50 - 2016-04-20 21:50 - 00000000 ____D C:\Users\Nathan\AppData\Local\Apps\2.0
2016-04-20 21:29 - 2016-04-20 21:48 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-20 21:29 - 2016-04-20 21:29 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-20 21:28 - 2016-04-20 21:29 - 19764296 _____ C:\Users\Nathan\Downloads\RogueKiller.exe
2016-04-20 18:03 - 2016-05-03 06:57 - 00000000 ____D C:\AdwCleaner
2016-04-19 01:18 - 2016-04-19 01:18 - 00167595 _____ C:\Users\Nathan\Downloads\Mission Statement.pdf
2016-04-19 01:18 - 2016-04-19 01:18 - 00023076 _____ C:\Users\Nathan\Downloads\Concentrations.pdf
2016-04-19 01:15 - 2016-04-19 01:15 - 00035591 _____ C:\Users\Nathan\Downloads\Majors.pdf
2016-04-19 01:15 - 2016-04-19 01:15 - 00026862 _____ C:\Users\Nathan\Downloads\Minors.pdf
2016-04-13 20:07 - 2016-04-13 20:07 - 00002830 _____ C:\Users\Nathan\Downloads\KessonDaslef.mid
2016-04-12 16:03 - 2016-04-01 23:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 16:03 - 2016-04-01 23:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 16:03 - 2016-04-01 22:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 16:03 - 2016-04-01 22:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 16:03 - 2016-04-01 22:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 16:03 - 2016-04-01 22:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 16:03 - 2016-04-01 22:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 16:03 - 2016-04-01 22:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 16:03 - 2016-04-01 22:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 16:03 - 2016-04-01 22:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 16:03 - 2016-04-01 22:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 16:03 - 2016-04-01 22:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 16:03 - 2016-03-29 05:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 16:03 - 2016-03-29 05:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 16:03 - 2016-03-29 05:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 16:03 - 2016-03-29 05:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 16:03 - 2016-03-29 05:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 16:03 - 2016-03-29 05:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 16:03 - 2016-03-29 05:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 16:03 - 2016-03-29 05:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 16:03 - 2016-03-29 04:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 16:03 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 16:03 - 2016-03-29 04:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 16:03 - 2016-03-29 04:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 16:03 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 16:03 - 2016-03-29 04:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 16:03 - 2016-03-29 04:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 16:03 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 16:03 - 2016-03-29 03:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 16:03 - 2016-03-29 03:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 16:03 - 2016-03-29 03:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 16:03 - 2016-03-29 03:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 16:03 - 2016-03-29 03:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 16:03 - 2016-03-29 03:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 16:03 - 2016-03-29 03:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 16:03 - 2016-03-29 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 16:03 - 2016-03-29 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 16:03 - 2016-03-29 02:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-12 16:03 - 2016-03-29 02:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 16:03 - 2016-03-29 02:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 16:03 - 2016-03-29 02:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 16:03 - 2016-03-29 02:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 16:03 - 2016-03-29 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 16:03 - 2016-03-29 02:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 16:03 - 2016-03-29 02:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 16:03 - 2016-03-29 02:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 16:03 - 2016-03-29 02:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 16:03 - 2016-03-29 02:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 16:03 - 2016-03-29 02:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 16:03 - 2016-03-29 02:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 16:03 - 2016-03-29 02:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 16:03 - 2016-03-29 02:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 16:03 - 2016-03-29 02:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 16:03 - 2016-03-29 02:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 16:03 - 2016-03-29 02:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 16:03 - 2016-03-29 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 16:03 - 2016-03-29 02:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 16:03 - 2016-03-29 02:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 16:03 - 2016-03-29 02:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 16:03 - 2016-03-29 02:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-12 16:03 - 2016-03-29 02:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 16:03 - 2016-03-29 02:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 16:03 - 2016-03-29 02:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 16:03 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 16:03 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 16:03 - 2016-03-29 02:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 16:03 - 2016-03-29 02:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 16:03 - 2016-03-29 02:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 16:03 - 2016-03-29 02:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 16:03 - 2016-03-29 02:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 16:03 - 2016-03-29 02:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 16:03 - 2016-03-29 02:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 16:03 - 2016-03-29 02:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 16:03 - 2016-03-29 02:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 16:03 - 2016-03-29 02:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 16:03 - 2016-03-29 02:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 16:03 - 2016-03-29 02:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 16:03 - 2016-03-29 02:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 16:03 - 2016-03-29 01:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 16:03 - 2016-03-29 01:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 16:03 - 2016-03-29 01:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 16:03 - 2016-03-29 01:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 16:03 - 2016-03-29 01:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 16:03 - 2016-03-29 01:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 16:03 - 2016-03-29 01:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 16:03 - 2016-03-29 01:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 16:03 - 2016-03-29 01:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 16:03 - 2016-03-29 01:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 16:03 - 2016-03-29 01:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 16:03 - 2016-03-29 01:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 16:03 - 2016-03-29 01:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 16:03 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 16:03 - 2016-03-29 01:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 16:03 - 2016-03-29 01:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 16:03 - 2016-03-29 01:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 16:03 - 2016-03-29 01:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 16:03 - 2016-03-29 01:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 16:03 - 2016-03-29 01:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 16:03 - 2016-03-29 01:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 16:03 - 2016-03-29 01:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 16:03 - 2016-03-29 01:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 16:03 - 2016-03-29 01:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 16:03 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 16:03 - 2016-03-29 01:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 16:03 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 16:03 - 2016-03-29 01:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 16:03 - 2016-03-29 01:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 16:03 - 2016-03-29 01:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 16:03 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 16:03 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 16:03 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 16:03 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 16:03 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 16:03 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 16:03 - 2016-03-29 01:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 16:03 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 16:03 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 16:03 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 16:03 - 2016-03-29 00:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 16:03 - 2016-03-29 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 16:03 - 2016-03-29 00:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 16:03 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 16:03 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 16:03 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 16:03 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 16:03 - 2016-03-29 00:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 16:03 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 16:03 - 2016-03-29 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 16:03 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 16:03 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 16:03 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 16:03 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 16:03 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 16:03 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 16:03 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 16:03 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 16:02 - 2016-04-01 23:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 16:02 - 2016-04-01 23:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 16:02 - 2016-04-01 22:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 16:02 - 2016-04-01 22:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 16:02 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 16:02 - 2016-04-01 22:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 16:02 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 16:02 - 2016-04-01 22:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 16:02 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 16:02 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 16:02 - 2016-04-01 22:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 16:02 - 2016-03-29 05:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 16:02 - 2016-03-29 05:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 16:02 - 2016-03-29 05:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 16:02 - 2016-03-29 05:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 16:02 - 2016-03-29 05:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 16:02 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 16:02 - 2016-03-29 04:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 16:02 - 2016-03-29 04:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 16:02 - 2016-03-29 04:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 16:02 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 16:02 - 2016-03-29 04:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 16:02 - 2016-03-29 04:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 16:02 - 2016-03-29 04:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 16:02 - 2016-03-29 04:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 16:02 - 2016-03-29 04:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 16:02 - 2016-03-29 04:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 16:02 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 16:02 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 16:02 - 2016-03-29 03:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 16:02 - 2016-03-29 03:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 16:02 - 2016-03-29 03:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 16:02 - 2016-03-29 03:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 16:02 - 2016-03-29 03:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 16:02 - 2016-03-29 03:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 16:02 - 2016-03-29 03:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 16:02 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 16:02 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 16:02 - 2016-03-29 03:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 16:02 - 2016-03-29 03:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 16:02 - 2016-03-29 03:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 16:02 - 2016-03-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 16:02 - 2016-03-29 03:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 16:02 - 2016-03-29 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 16:02 - 2016-03-29 03:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 16:02 - 2016-03-29 02:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 16:02 - 2016-03-29 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 16:02 - 2016-03-29 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 16:02 - 2016-03-29 02:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 16:02 - 2016-03-29 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 16:02 - 2016-03-29 02:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 16:02 - 2016-03-29 02:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 16:02 - 2016-03-29 02:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 16:02 - 2016-03-29 02:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 16:02 - 2016-03-29 02:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-12 16:02 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 16:02 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 16:02 - 2016-03-29 02:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 16:02 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 16:02 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 16:02 - 2016-03-29 02:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 16:02 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 16:02 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 16:02 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 16:02 - 2016-03-29 02:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-12 16:02 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 16:02 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 16:02 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 16:02 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 16:02 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 16:02 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 16:02 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 16:02 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 16:02 - 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 16:02 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 16:02 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 16:02 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 16:02 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 16:02 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 16:02 - 2016-03-29 02:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 16:02 - 2016-03-29 02:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 16:02 - 2016-03-29 02:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 16:02 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 16:02 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 16:02 - 2016-03-29 02:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 16:02 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 16:02 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 16:02 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 16:02 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 16:02 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 16:02 - 2016-03-29 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 16:02 - 2016-03-29 02:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-12 16:02 - 2016-03-29 02:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 16:02 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 16:02 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 16:02 - 2016-03-29 02:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 16:02 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 16:02 - 2016-03-29 02:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 16:02 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 16:02 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 16:02 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 16:02 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 16:02 - 2016-03-29 02:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 16:02 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 16:02 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 16:02 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 16:02 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 16:02 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 16:02 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 16:02 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 16:02 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 16:02 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 16:02 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 16:02 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 16:02 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 16:02 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 16:02 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 16:02 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 16:02 - 2016-03-29 01:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 16:02 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 16:02 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 16:02 - 2016-03-29 01:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 16:02 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 16:02 - 2016-03-29 01:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 16:02 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 16:02 - 2016-03-29 01:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 16:02 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 16:02 - 2016-03-29 01:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 16:02 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 16:02 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 16:02 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 16:02 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 16:02 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 16:02 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 16:02 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 16:02 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 16:02 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 16:02 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 16:02 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 16:02 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 16:02 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 16:02 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 16:02 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 16:02 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 16:02 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 16:02 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 16:02 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 16:02 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 16:02 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 07:20 - 2016-04-12 07:20 - 00095400 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll
2016-04-09 21:08 - 2016-04-09 21:08 - 00000000 ____D C:\Users\Nathan\AppData\Local\RzStats
2016-04-03 21:10 - 2016-05-03 06:56 - 00000000 ____D C:\Program Files (x86)\Adobe Photoshop CS6
2016-04-03 21:06 - 2016-04-03 21:08 - 77313440 _____ C:\Users\Nathan\Downloads\Program.zip
2016-04-03 20:21 - 2016-05-02 22:57 - 00000000 ___HD C:\$SysReset
2016-04-03 19:56 - 2016-05-02 22:55 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashDumps
2016-04-03 19:52 - 2016-04-03 19:55 - 00000000 ____D C:\Users\Public\Documents\iSumsoft ZIP Password Refixer
2016-04-03 19:52 - 2016-04-03 19:55 - 00000000 ____D C:\Program Files (x86)\iSumsoft ZIP Password Refixer
2016-04-03 19:52 - 2016-04-03 19:52 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSumsoft ZIP Password Refixer
2016-04-03 01:48 - 2016-04-03 01:48 - 00000312 _____ C:\Users\Nathan\Downloads\tw10428.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 07:01 - 2015-10-30 21:07 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-05-03 06:59 - 2015-10-06 17:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-03 06:58 - 2015-11-17 05:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-03 06:58 - 2015-11-17 05:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-03 06:58 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-03 06:49 - 2015-10-12 21:48 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38586678-6403-443D-ABAD-82D86F5D0A66}
2016-05-02 23:21 - 2016-03-28 21:53 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\Adobe
2016-05-02 22:36 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-02 22:30 - 2015-11-17 05:08 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-02 21:48 - 2015-09-26 00:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-02 21:48 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-05-02 21:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-02 21:42 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-02 21:42 - 2015-09-25 18:05 - 00000000 ____D C:\Users\Nathan\AppData\Local\Packages
2016-05-02 21:05 - 2015-09-26 10:19 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-02 06:38 - 2016-01-18 12:38 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-05-01 18:57 - 2015-09-26 09:43 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Curse Client
2016-04-30 11:24 - 2015-11-17 05:08 - 00000000 ____D C:\Program Files (x86)\Razer
2016-04-27 19:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-22 02:57 - 2015-09-25 12:35 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 21:50 - 2015-09-26 00:24 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-20 21:35 - 2015-10-12 21:48 - 00000000 ____D C:\ProgramData\Oracle
2016-04-20 21:34 - 2015-10-30 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-20 21:34 - 2015-10-12 21:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-20 21:33 - 2015-10-30 20:47 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-20 21:33 - 2015-10-12 21:48 - 00000000 ____D C:\Users\Nathan\.oracle_jre_usage
2016-04-20 18:05 - 2015-11-17 05:09 - 00000000 ____D C:\Users\Nathan
2016-04-20 16:40 - 2015-09-25 18:07 - 00002370 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-20 16:40 - 2015-09-25 18:07 - 00000000 ___RD C:\Users\Nathan\OneDrive
2016-04-19 03:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 09:38 - 2015-11-17 05:07 - 00215608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 05:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 05:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 05:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 05:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 20:16 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 20:16 - 2015-09-25 12:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 20:12 - 2015-09-25 12:37 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 00:21 - 2015-09-26 22:12 - 00000000 ____D C:\Riot Games
2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-09-25 12:44 - 2015-09-25 12:44 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-09-25 12:31 - 2015-09-25 12:32 - 0002038 _____ () C:\Users\Nathan\AppData\Local\BTServer.log
2015-11-05 20:25 - 2015-11-05 20:25 - 0007600 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nathan\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\libeay32.dll
C:\Users\Nathan\AppData\Local\Temp\mpa12532.exe
C:\Users\Nathan\AppData\Local\Temp\msvcr120.dll
C:\Users\Nathan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nathan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Nathan\AppData\Local\Temp\nvStInst.exe
C:\Users\Nathan\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-30 11:26

==================== End of FRST.txt ============================
Old 05-03-2016, 05:08 AM   #4
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Nathan (2016-05-03 07:03:16)
Running from C:\Users\Nathan\Desktop
Windows 10 Pro Version 1511 (X64) (2015-11-17 10:12:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4090265111-1262118858-1950374410-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4090265111-1262118858-1950374410-503 - Limited - Disabled)
Guest (S-1-5-21-4090265111-1262118858-1950374410-501 - Limited - Disabled)
Nathan (S-1-5-21-4090265111-1262118858-1950374410-1000 - Administrator - Enabled) => C:\Users\Nathan
Steven (S-1-5-21-4090265111-1262118858-1950374410-1001 - Administrator - Enabled) => C:\Users\Steven

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
A-Tuning v2.0.134 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.134 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Painter Essentials 5 - IPM (Version: 5.0 - Corel Corporation) Hidden
Corel Painter Essentials 5 - IPM Content (Version: 5.0 - Corel Corporation) Hidden
Corel Painter Essentials 5 (HKLM\...\_{7E35BD37-3F00-4FCB-A357-92F5D0CDEC2A}) (Version: 0.0 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.22.013 - Portrait Displays, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version: - EVGA)
Free Rar File Opener (HKLM-x32\...\{C4F94FD8-9CF5-40B5-9695-FC5BCD22F062}_is1) (Version: 1.0 - Media Freeware)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.74 (HKLM\...\Logitech Gaming Software) (Version: 8.74.80 - Logitech Inc.)
Lost Saga North America (HKLM-x32\...\Steam App 266150) (Version: - IO Entertainment)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.94.19.0 - Overwolf Ltd.)
Painter Essentials 5 - Contentx64 (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - Core (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - Corex64 (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - CT (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - DE (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - EN (Version: 5.0.1 - Corel Corporation) Hidden
Painter Essentials 5 - FR (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - JP (Version: 5.0 - Corel Corporation) Hidden
Painter Essentials 5 - Setup Files (Version: 5.0 - Corel Corporation) Hidden
Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.4.1 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.19 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.806.012014 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.7 - Samsung Electronics)
SDK (x32 Version: 2.40.012 - Portrait Displays, Inc.) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls Online: Tamriel Unlimited (HKLM-x32\...\Steam App 306130) (Version: - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4090265111-1262118858-1950374410-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0480DAC2-5701-41DB-8600-16D8B5AF78A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0576AE42-E9E4-42D5-9CE5-C7BB28DD7BC6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {0A82730C-99B7-447C-8DE0-CE5DF98ECB8F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {18404EA2-0A1E-4064-B1C8-9123CBBA29EC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {18DFF451-D622-427D-B3EB-44ECBB2045EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-20] (Google Inc.)
Task: {1AFE8F1E-88CC-4CA8-965D-BCCBD093C1D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1CDE74C5-EE0C-48CF-86C3-8C7F419F68C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D64A343-DA6D-411B-ACE7-1CF03A5C7815} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1F0AC403-F779-4C28-88D2-2B3A10353C52} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2239F26E-D861-4123-9C05-26E3398FF266} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2599227C-6B0B-4685-91D7-0C88D8C431BF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {32DEDDD2-CF88-4191-9A86-52BD210F71E4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {37141A04-4526-43A5-99DF-AF84CE36EEC0} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-24] (Overwolf LTD)
Task: {375176C7-513B-4DDE-A278-BCD664C17161} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3E4B60AB-228A-4B2D-8B90-C0420BD11729} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {565B5A52-2307-4B6C-BC4D-3676B75466D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {5AED330B-D49A-4A79-A550-2F73966744FF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {61A37EAD-BA19-49A4-AA73-A86AA6D9E15A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {671A82C3-4EFA-4849-A6DC-1DC1A6F81901} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-08-26] (Samsung Electronics.)
Task: {7678E186-FB98-499A-9202-A5A10538570F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {78DE7102-9D80-44E3-B420-708FA3F6EC92} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {94A633EC-2F1D-4593-AA26-A61C425F99BC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A75E1FCE-44C7-4887-B8FC-1DF3058B9903} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AB387EA3-B1BC-4A09-BBA8-2B88FFD709AE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {BAE34AE3-1692-41C7-AA45-6C65EBE411CB} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-04-18] ()
Task: {BF670808-56BC-4DDE-A741-64DB66DB43FF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C368EDA5-5E4E-43DE-8396-4B0642EBF12B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {CECE86BC-620C-4022-9C59-4C6136AF9651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1DA0331-4742-46B0-8A67-C286FE3A41BD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E4147E0F-1F57-49F4-9E8B-4DBB46D802DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E47C8F0C-6F26-486B-97A2-DDCBCB85BAC8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EA9CB876-1D7B-4F4A-9E8A-868C677948AB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EC99C35C-06E4-4F98-BC17-1D157DA5B44F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-25 16:03 - 2014-08-12 14:26 - 00098272 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2015-11-17 05:08 - 2016-03-21 21:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-25 14:28 - 2013-07-25 15:04 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2016-03-02 19:20 - 2016-03-29 20:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-28 09:42 - 2016-03-29 20:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-02 21:05 - 2016-03-29 20:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-02 19:20 - 2016-03-29 20:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-05-02 21:05 - 2016-03-29 20:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-02 21:05 - 2016-03-29 20:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-02 21:05 - 2016-03-29 20:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 19:10 - 2016-03-29 20:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-12 16:03 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 16:03 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-20 16:40 - 2016-04-20 16:40 - 00959176 _____ () C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-09-25 16:02 - 2014-08-12 14:26 - 00275936 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2015-12-18 19:11 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 16:02 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 16:03 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 16:02 - 2016-04-01 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 16:03 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 16:03 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-27 12:09 - 2016-01-11 12:30 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-05-02 21:05 - 2016-03-29 20:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-02 21:05 - 2016-03-29 20:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-19 16:20 - 2015-09-19 16:20 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-19 16:20 - 2015-09-19 16:20 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-09-25 15:50 - 2013-06-18 12:26 - 00677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2015-09-25 15:50 - 2013-06-18 12:26 - 00714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2015-09-25 15:50 - 2014-08-12 14:26 - 00163296 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
2015-09-25 15:50 - 2014-08-12 14:26 - 00197088 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
2015-09-25 15:50 - 2014-08-12 14:26 - 00093664 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2015-10-30 20:49 - 2016-03-29 20:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-02 21:56 - 2016-04-27 18:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 21:56 - 2016-04-27 18:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-04-20 16:40 - 2016-04-20 16:40 - 00679624 _____ () C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-10-06 17:30 - 2016-03-10 19:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-06 17:30 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-06 17:30 - 2016-03-31 15:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-06 17:30 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-06 17:30 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-06 17:30 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-06 17:30 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-06 17:30 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-06 17:30 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-06 17:30 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-06 17:30 - 2016-03-31 15:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-14 18:11 - 2016-02-17 17:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-09-25 15:50 - 2014-08-12 14:26 - 00191968 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2016-02-26 03:29 - 2016-02-26 03:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-09-25 19:46 - 2015-08-27 16:30 - 40622592 _____ () C:\Users\Nathan\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2015-10-06 17:30 - 2016-02-08 20:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-09-25 19:46 - 2015-08-27 16:30 - 00911360 _____ () C:\Users\Nathan\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-09-25 19:46 - 2015-08-27 16:30 - 00134144 _____ () C:\Users\Nathan\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nathan\Desktop\974519-backgrounds.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\...\StartupApproved\StartupFolder: => "Curse.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{064967DF-C9ED-4C76-BCA8-BFF2AEADF43C}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{915CA291-FEC1-4975-9A04-8177DD24F7AC}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{81C92DEE-548E-433B-8C57-1E69636769D3}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B92EA5AB-8CF3-4AA7-A311-C4D7C3178DC1}] => (Allow) E:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9028DB29-91F9-4590-B4E4-8C6F7C3CB767}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1DF0261C-0800-4E72-841C-FE71C13E6F43}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{769B0144-639C-4165-AAC5-8117A9274040}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{37BAF0D1-1E8A-4616-8B4A-5F2C64C07F4D}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{FA10D42B-DB4A-4745-9A50-770E65AF3C79}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\lostsaga.exe
FirewallRules: [{285497F6-4F81-4F77-96CE-C302BCB1806B}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\lostsaga.exe
FirewallRules: [{AB2FB92B-312C-4677-B6F9-B7F3B718A85B}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\autoupgrade.exe
FirewallRules: [{F199B53A-8395-4BBF-871B-F50C052F82C9}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\autoupgrade.exe
FirewallRules: [{0CDE0706-AD35-44B2-8B4C-F6D27CF4DF5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{83E8C750-ABDF-4D09-9306-9C82FEA88ADA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{70093FA8-7D35-4E9B-8B82-8EADC9383AF8}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [TCP Query User{DE76D124-7F8C-43BC-B14E-BF2BC8B9580A}C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\jp2launcher.exe
FirewallRules: [{D1C354E3-7BB1-4BF0-B55C-6CAE1BF04CC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1E161EBF-F5B7-4444-AC36-F0125B20061F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{283272AC-F1B4-4BB0-9967-E95178382C2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C5B3473F-C363-4BCC-8538-EB3135523EC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2E269E53-26CD-4F0A-99AB-9E79C369705E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{E8F174FB-780E-47BE-802B-62269FE0A616}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{D6E9455E-24A3-406F-886B-7DD5F4242225}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DF2DCD36-19A0-4054-86FB-E556E171D62F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{C2AB8D10-5DAB-4BAB-8148-3DABF09967BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{01AACBC7-4B79-422B-A930-9CA756206591}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\LoginLauncher.exe
FirewallRules: [{C131AD26-DD64-439D-9870-00C1828CBF4B}] => (Allow) E:\SteamLibrary\steamapps\common\LostSaga\LoginLauncher.exe
FirewallRules: [{9F0E4FA9-2BC6-494B-B535-F544E607F5A7}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{66EE5BAC-DDE5-4A1C-9C72-37CAF016FFBA}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{39D85767-60E2-4EE1-896C-05ECA2FDAC7B}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{BEF19FC3-2A57-4C89-BF65-E5FFC44B91A9}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B521B9D6-29E7-45FE-BEB0-39A16EEAC1B1}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{538DBC30-A068-4547-A3E7-092D103C1B02}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{751DCE02-64F4-446D-9730-201F451E5D28}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E50AFFE2-FB0A-4D81-BE35-3F28566009B3}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{19500342-4DBC-4B64-BCDA-847AFB90EEA2}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9F21E222-2194-413F-9D30-6879EFC68DDB}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A397512B-7DFF-4BC0-B590-8135CD411E01}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A002F871-2E7C-49B6-A81A-6863B70A1374}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [UDP Query User{27C16D9A-C748-4B29-B4B8-4A7D640274B8}C:\users\nathan\appdata\local\temp\i1444187870\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1444187870\windows\resource\jre\bin\javaw.exe
FirewallRules: [TCP Query User{33371ED1-6B5E-4AC7-80BD-938A7C678E8D}C:\users\nathan\appdata\local\temp\i1444187870\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\nathan\appdata\local\temp\i1444187870\windows\resource\jre\bin\javaw.exe
FirewallRules: [{AA3C15E7-0192-497F-9929-60EF319CEB14}] => (Allow) E:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{6027B7DA-D56D-442F-B5CF-715FDDC3FCA0}] => (Allow) E:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{EE0D4EE9-85F8-420A-958C-3D4855741FE2}] => (Allow) E:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{D030063F-3CE3-49F2-88CD-6CF69BEE6549}] => (Allow) E:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{9C76EBCD-DE4E-4EE0-93F7-1CA22462FA95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA520B08-37CD-4A17-9691-BC2ECE44F053}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1E1CE6E8-3D6B-4D51-9586-B20F47C98B01}] => (Allow) E:\Lost Saga\LostSaga\lostsaga.exe
FirewallRules: [{81D038FF-A246-440D-A632-C88C229D872E}] => (Allow) E:\Lost Saga\LostSaga\lostsaga.exe
FirewallRules: [{0943BB29-24B4-4534-AECF-4F0B7EDA333B}] => (Allow) E:\Lost Saga\LostSaga\autoupgrade.exe
FirewallRules: [{2851ADF8-9466-4269-99BA-C529057713EB}] => (Allow) E:\Lost Saga\LostSaga\autoupgrade.exe
FirewallRules: [{2BB28412-1EA0-4A13-8B45-893DFE2FF0CD}] => (Allow) C:\EVGA Precision X\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{B983D6E6-3FD2-4E74-BA2B-42BB37518D7E}] => (Allow) C:\EVGA Precision X\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{AD5EC0EF-4D67-4E3E-A5BF-06146658ED4D}] => (Allow) C:\EVGA Precision X\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{2D8D5884-E6AE-4897-B92C-1764F39A1AA1}] => (Allow) C:\EVGA Precision X\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{1846F659-B7AC-4867-9059-0274DAB1937F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B9D6B802-3432-437A-881E-9992A4EDFA67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{03282F63-A2C6-4B4F-B59A-7984D9FA4BD3}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{9A8B3A96-E659-4272-9AC7-F35539104599}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AEF836A2-6DB1-4F3C-B7EA-37DFDD9530AC}] => (Allow) E:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{A0173AF5-F5D9-47AA-B5DF-B71F694EA5D5}] => (Allow) E:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [UDP Query User{DDBB43B8-D255-434D-8BCD-DF231468A748}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{1749AAF6-3C11-4341-9D0E-28CCD67CC1B1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{44A0D8D1-B650-417E-80CA-B5681BBEB0DD}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2565587-4C0C-405C-B140-957E869686D3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E909AB51-0D2D-4CE9-915F-8058608B33A3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CC4ECAF1-419B-44DE-893B-580B25258C1A}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{B8AB1690-4E81-4BD6-8C55-C14765739955}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{F67B92E6-0B5B-4D66-B8CB-480C0056969A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{0168FB9B-FD01-494C-BD69-C3D96266CC7E}] => (Allow) C:\Users\Steven\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{3329DD4E-9A68-47B5-B2E2-1D6024CF3346}] => (Allow) C:\Users\Steven\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F38C3B4B-0090-48BA-9E41-A81F75A7FDFF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6DC4992E-7344-4C31-96B6-13D44BBA7A72}] => (Allow) E:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A0190F51-3A73-4A39-A425-EFA564099664}] => (Allow) E:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{99280252-3089-435F-B33F-5EF9E87876F4}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{6552A113-C87D-4DFC-AF21-D3D1D8A63E19}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4D86089F-3647-45CE-9F12-3E12A5CD8CBF}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C6FFD085-8974-41B2-BEA7-2E0FE09E1D58}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{C7ED36DC-694D-43A1-9F95-3DA8990AF54B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{00785F1C-98F9-47C4-A046-A3770AF328B2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{516F9FA9-7AD7-4A41-A073-0F1A3AC660F0}] => (Allow) E:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{71F087A7-B28F-4277-AF4C-6F537F149A7B}] => (Allow) E:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{0EED5EBD-6961-4845-8D39-82C361BE7AC5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-04-2016 19:08:37 Windows Backup
24-04-2016 19:08:38 Windows Backup
30-04-2016 11:24:07 Windows Update
01-05-2016 21:46:02 Windows Backup
02-05-2016 21:47:15 Installed Ableton Live 9 Suite

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2016 10:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x1a60
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:55:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x1880
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:55:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0xe00
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x1284
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:54:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x27ac
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:54:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NATHAN-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/02/2016 10:51:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x2bd8
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x1298
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0x9d0
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5

Error: (05/02/2016 10:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x56a2dc47
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4
Exception code: 0xc0000005
Fault offset: 0x0000000000071f28
Faulting process id: 0xac4
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
Faulting package full name: Ableton Live 9 Suite.exe4
Faulting package-relative application ID: Ableton Live 9 Suite.exe5


System errors:
=============
Error: (05/03/2016 06:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NATHAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Nathan-PCNathanS-1-5-21-4090265111-1262118858-1950374410-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 06:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NATHAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Nathan-PCNathanS-1-5-21-4090265111-1262118858-1950374410-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 06:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NATHAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Nathan-PCNathanS-1-5-21-4090265111-1262118858-1950374410-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 06:59:45 AM) (Source: DCOM) (EventID: 10016) (User: NATHAN-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Nathan-PCNathanS-1-5-21-4090265111-1262118858-1950374410-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 06:58:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (05/03/2016 06:58:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (05/03/2016 06:58:13 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/03/2016 06:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1dd2f1 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2016 06:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1dd2f1 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2016 06:58:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1dd2f1 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-05-03 06:58:05.254
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 06:58:05.246
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 06:58:05.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 06:58:05.224
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 06:58:05.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-02 21:30:14.755
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-02 21:30:14.724
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-02 21:25:34.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-02 21:25:34.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-02 21:25:34.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8143.47 MB
Available physical RAM: 5514.69 MB
Total Virtual: 16335.47 MB
Available Virtual: 13558.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:145.28 GB) NTFS
Drive e: (SecondDrive) (Fixed) (Total:1863.01 GB) (Free:1584.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E42862BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E198B813)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thank you for responding quickly.
nblaster is offline  
Old 05-03-2016, 06:30 AM   #5
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

Thanks for the logs. Please do the following.

Please go to: VirusTotal

Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

Click Open then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.
__________________
tekir06 is offline  
Old 05-03-2016, 01:44 PM   #6
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



https://www.virustotal.com/en/file/0...is/1462308216/
nblaster is offline  
Old 05-03-2016, 11:32 PM   #7
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4090265111-1262118858-1950374410-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL = 
CHR HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
Task: {1CDE74C5-EE0C-48CF-86C3-8C7F419F68C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D64A343-DA6D-411B-ACE7-1CF03A5C7815} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2239F26E-D861-4123-9C05-26E3398FF266} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CECE86BC-620C-4022-9C59-4C6136AF9651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 05-04-2016, 07:44 AM   #8
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Nathan (2016-05-04 09:39:15) Run:1
Running from C:\Users\Nathan\Desktop
Loaded Profiles: Nathan (Available Profiles: Nathan & Steven & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4090265111-1262118858-1950374410-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
CHR HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
Task: {1CDE74C5-EE0C-48CF-86C3-8C7F419F68C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D64A343-DA6D-411B-ACE7-1CF03A5C7815} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2239F26E-D861-4123-9C05-26E3398FF266} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CECE86BC-620C-4022-9C59-4C6136AF9651} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Google\Chrome\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf" => key removed successfully
idsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CDE74C5-EE0C-48CF-86C3-8C7F419F68C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CDE74C5-EE0C-48CF-86C3-8C7F419F68C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D64A343-DA6D-411B-ACE7-1CF03A5C7815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D64A343-DA6D-411B-ACE7-1CF03A5C7815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2239F26E-D861-4123-9C05-26E3398FF266}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2239F26E-D861-4123-9C05-26E3398FF266}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CECE86BC-620C-4022-9C59-4C6136AF9651}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECE86BC-620C-4022-9C59-4C6136AF9651}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4090265111-1262118858-1950374410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C0CE4A45-66A4-4662-B212-F58249206D37}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 9.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:39:34 ====
nblaster is offline  
Old 05-04-2016, 11:31 PM   #9
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

Please do the following.

STEP 1

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.
__________________
tekir06 is offline  
Old 05-05-2016, 12:52 AM   #10
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/5/2016
Scan Time: 1:37 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.05.01
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Nathan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438995
Time Elapsed: 8 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm HTML/FakeAlert.CN trojan
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip HTML/FakeAlert.CN trojan



So far I have not experienced any problems. Thank you for all the help so far!
nblaster is offline  
Old 05-05-2016, 12:53 AM   #11
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Should I check the box on the ESET online scanner to delete the files? There was no instruction on what to do after the scan besides post the text file.
nblaster is offline  
Old 05-05-2016, 01:07 AM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

Yes. Please do, and save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
__________________
tekir06 is offline  
Old 05-05-2016, 01:09 AM   #13
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm HTML/FakeAlert.CN trojan
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip HTML/FakeAlert.CN trojan

Is this what you're talking about?
nblaster is offline  
Old 05-05-2016, 01:16 AM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 05-05-2016, 01:20 AM   #15
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Fix result of Farbar Recovery Scan Tool (x64) Version:05-05-2016 01
Ran by Nathan (2016-05-05 03:19:27) Run:2
Running from C:\Users\Nathan\Desktop
Loaded Profiles: Nathan (Available Profiles: Nathan & Steven & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm HTML/FakeAlert.CN trojan
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip a variant of Win32/InstallCore.ACZ potentially unwanted application
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip HTML/FakeAlert.CN trojan

*****************

"C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm HTML/FakeAlert.CN trojan" => not found.
"E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application" => not found.
"E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application" => not found.
"E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip a variant of Win32/InstallCore.ACZ potentially unwanted application" => not found.
"E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip HTML/FakeAlert.CN trojan" => not found.

==== End of Fixlog 03:19:27 ====
nblaster is offline  
Old 05-05-2016, 01:34 AM   #16
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Is my computer all clean? Or is there still more?
nblaster is offline  
Old 05-05-2016, 01:38 AM   #17
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello nblaster,

This is not my Fixlist. Please do the following.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Attached Files
File Type: txt fixlist.txt (524 Bytes, 34 views)
__________________
tekir06 is offline  
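
The check made by eye in the post above, as an added example that is not part of the thread or of FRST: compare the "fixlist content:" block echoed in a Fixlog with the script that was issued. The sample script and log are constructed in the layout shown in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the script the helper issued (paths are made up).
ISSUED = r"""CreateRestorePoint:
C:\Users\Example\AppData\Local\Temp\white[1].htm
E:\Backups\Backup files 1.zip
EmptyTemp:
"""

# Constructed Fixlog: scanner report lines (path + detection label) were
# pasted into fixlist.txt instead of the issued script.
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-05-2016 01
Ran by Example (2016-05-05 03:19:27) Run:2
==============================================

fixlist content:
*****************
C:\Users\Example\AppData\Local\Temp\white[1].htm HTML/FakeAlert.CN trojan
E:\Backups\Backup files 1.zip HTML/FakeAlert.CN trojan

*****************

"C:\Users\Example\AppData\Local\Temp\white[1].htm HTML/FakeAlert.CN trojan" => not found.
"E:\Backups\Backup files 1.zip HTML/FakeAlert.CN trojan" => not found.

==== End of Fixlog 03:19:27 ====
"""


def executed_fixlist(fixlog: str) -> list[str]:
    """Return the non-empty lines echoed between the two rows of asterisks."""
    lines = fixlog.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if line.strip().lower() == "fixlist content:"), None)
    if start is None:
        raise ValueError("no 'fixlist content:' section in log")
    stars = [i for i in range(start + 1, len(lines))
             if re.fullmatch(r"\*{5,}", lines[i].strip())]
    if len(stars) < 2:
        raise ValueError("fixlist block is not delimited by asterisk rows")
    return [line.strip() for line in lines[stars[0] + 1:stars[1]] if line.strip()]


def audit(issued: str, fixlog: str) -> dict:
    """Compare the issued script with what the log says was actually run."""
    want = [line.strip() for line in issued.splitlines() if line.strip()]
    got = executed_fixlist(fixlog)
    missing = [line for line in want if line not in got]
    unexpected = [line for line in got if line not in want]
    # An executed line that is an issued line plus extra words means text was
    # appended to the path, so the tool looked for a file that does not exist.
    trailing = {w: g[len(w) + 1:] for g in unexpected for w in want
                if g.startswith(w + " ")}
    not_found = [m.group(1) for m in
                 re.finditer(r'^"?(.+?)"? => not found\.$', fixlog, re.M)]
    return {
        "matches": not missing and not unexpected,
        "missing": missing,
        "unexpected": unexpected,
        "trailing_text": trailing,
        "not_found": not_found,
    }


if __name__ == "__main__":
    report = audit(ISSUED, FIXLOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```
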
Old 05-05-2016, 01:52 AM   #18
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Fix result of Farbar Recovery Scan Tool (x64) Version:05-05-2016 01
Ran by Nathan (2016-05-05 03:49:06) Run:3
Running from C:\Users\Nathan\Desktop
Loaded Profiles: Nathan (Available Profiles: Nathan & Steven & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\Nathan\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KCSZMGS0\white[1].htm => moved successfully
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RDCHLRN\Patch iO\Ableton LivePatch [io].rar => moved successfully
E:\$RECYCLE.BIN\S-1-5-21-4090265111-1262118858-1950374410-1000\$RR35D84\Patch iO\Ableton LivePatch [io].rar => moved successfully
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-03 184812\Backup files 16.zip => moved successfully
E:\NATHAN-PC\Backup Set 2016-04-03 184812\Backup Files 2016-04-24 190835\Backup files 1.zip => moved successfully
EmptyTemp: => 432.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 03:49:15 ====
nblaster is offline  
Old 05-05-2016, 02:11 AM   #19
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Anything more?
nblaster is offline  
Old 05-05-2016, 02:53 AM   #20
Registered Member
 
Join Date: May 2016
Posts: 14
OS: Windows10



Thank you for all of the help! I'm glad to have a healthy computer again.
nblaster is offline  
 
