
Computer infected with rootkit


  • This topic is locked
20 replies to this topic

#1 cer0

cer0

  • Members
  • 26 posts

Posted 13 August 2015 - 06:58 PM

I scanned my computer with GMER and the results were:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-13 19:29:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev. 0.00MB
Running: 1w2upygh.exe; Driver: C:\Users\*****\AppData\Local\Temp\ufndrkob.sys


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [556:632] fffff960af317300
Thread C:\Windows\system32\svchost.exe [1000:12992] 00007ffbee7c2a70
Thread C:\Windows\system32\svchost.exe [25432:26516] 00007ffbfae52140
Thread C:\Program Files\Internet Explorer\iexplore.exe [9660:15260] 00007ffbf2f001b0

---- EOF - GMER 2.1 ----



Then I ran aswMBR and the results were:

19:48:51.375 Initialize success
19:48:52.045 VM: initialized successfully
19:48:52.046 VM: Amd CPU BiosDisabled
19:49:08.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:49:08.299 Disk 0 Vendor: Hitachi_HDS721010CLA330 JP4OA3MA Size: 953869MB BusType: 3
19:49:08.385 Disk 0 MBR read successfully
19:49:08.393 Disk 0 MBR scan
19:49:08.403 Disk 0 Windows 7 default MBR code
19:49:08.415 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
19:49:08.418 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953367 MB offset 1026048
19:49:08.432 Disk 0 scanning C:\Windows\system32\drivers
19:49:11.721 Service scanning
19:49:22.846 Modules scanning
19:49:22.868 Disk 0 trace - called modules:
19:49:22.884 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
19:49:22.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000395d2060]
19:49:22.901 3 CLASSPNP.SYS[fffff80138a946c5] -> nt!IofCallDriver -> [0xffffe00038bfe660]
19:49:22.906 5 ACPI.sys[fffff80137ea1361] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe00038bf9060]
19:49:22.911 Disk 0 statistics 122374/0/0 @ 25.84 MB/s
19:49:22.917 Scan finished successfully
19:49:35.944 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
19:49:35.975 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"



and finally I ran RogueKiller and got

RogueKiller V10.10.0.0 [Aug 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : **** [Administrator]
Started from : C:\Users\Kyle\Downloads\RogueKiller.exe
Mode : Scan -- Date : 08/13/2015 18:49:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 8 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b0770 (jmp dword [0x76b3602c])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b3650 (jmp dword [0x76b36030])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b0770 (jmp dword [0x76b3602c])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b3650 (jmp dword [0x76b36030])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b0770 (jmp dword [0x76b3602c])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b3650 (jmp dword [0x76b36030])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) SHELL32.dll - SHGetKnownFolderIDList : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b0770 (jmp dword [0x76b3602c])
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetKnownFolderItem : C:\Windows\SYSTEM32\windows.storage.dll @ 0x760b3650 (jmp dword [0x76b36030])

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA330 ATA Device +++++
--- User ---
[MBR] 4f3cb0030002ac95644ac39662f165f9
[BSP] cbdfd08a3689b3b5026ddf27e2652060 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 953367 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



 
Anyone know which rootkit this would be? And my Gateway from Comcast was hacked also. Someone cracked the Wi-Fi, and that is how I got these rootkits.

Edited by Elise, 23 August 2015 - 11:33 AM.
removed code boxes due to compatibility issue



 


#2 cer0

cer0
  • Topic Starter

  • Members
  • 26 posts

Posted 14 August 2015 - 07:50 PM

Bump?



#3 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 15 August 2015 - 04:04 AM

Hello cer0,

I'm Stan and I will be helping you with this problem.

First of all I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow in this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M. - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

First, I need to get a little more information about the current state of the machine. Do you experience any problems with the system, including malfunctioning or misbehavior?

 

Please, follow step 6 from the Preparation Guide to generate logs from Farbar Recovery Scan Tool. When ready, please, post their content in your next reply.

 

********************

Please, download TDSSKiller and save the file on your Desktop.

Note: Be sure to save the file first and then execute it. Otherwise, if executed from a temporary directory, problems may occur.

  • Right-click on the tool's icon and choose Run as Administrator.

Note: If for some reason the tool cannot run, please, try renaming it to a randomly generated name.

  • Push the Start Scan button. Do not use the computer during the scan process.
  • If the scan completes with nothing found, choose Close to exit.
  • If there are malicious objects found, they will show in Scan results -> Select action for found objects.
  • Three options will be available for you. Please, ensure that the Cure option is selected.
  • Choose Continue -> Reboot now to finish the cleaning process by the tool.

Important note: If the Cure option is not available, choose Skip instead. Do not choose Delete unless instructed to do so.

  • A log file named as follows, TDSSKiller_Version_Date_Time_Log.txt, will be created in the root directory (C:\).

Please, post the content of the log file in your next post.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#4 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 17 August 2015 - 11:53 PM

Hello cer0,

 

It's been almost three days without a reply from you. Are you still with us? Please, remember that after two more days of inactivity, the topic will be closed.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#5 cer0

cer0
  • Topic Starter

  • Members
  • 26 posts

Posted 18 August 2015 - 04:17 PM

Very sorry, running steps right now.



#6 cer0

cer0
  • Topic Starter

  • Members
  • 26 posts

Posted 18 August 2015 - 04:20 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Kyle (administrator) on DESKTOP-5GOUVDV (18-08-2015 17:16:53)
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [493232 2015-07-14] (SHADOWDEFENDER.COM)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064592 2015-07-22] (NVIDIA Corporation)
HKLM-x32\...\Run: [AppGuardGUI] => C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [2990816 2015-02-27] (Blue Ridge Networks)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-515495464-1780819520-728762140-1001\...\Run: [OneDrive] => C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382144 2015-08-12] (Microsoft Corporation)
HKU\S-1-5-21-515495464-1780819520-728762140-1001\...\Run: [Private Internet Access] => C:\Program Files\pia_manager\pia_manager.exe [8817658 2015-08-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-515495464-1780819520-728762140-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\..\Interfaces\{01852271-fbf4-432a-ac1b-5219f0052adc}: [NameServer] 75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{48dbf4e8-0325-4b5e-8973-684e3f3bb5d8}: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-08-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-08-13] (Kaspersky Lab ZAO)
R2 BRN_APPGUARD_SERVICE; C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [788192 2015-02-27] (Blue Ridge Networks)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-21] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-21] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-07-23] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [988672 2015-08-02] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-11] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-23] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-23] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-08-13] (VIA Technologies, Inc.)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [74936 2015-07-14] (SHADOWDEFENDER.COM)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BrnFileLock; c:\windows\system32\drivers\brnfilelock.sys [80672 2015-02-18] (Blue Ridge Networks)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [458936 2015-07-14] (SHADOWDEFENDER.COM)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [937656 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [78008 2015-06-26] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2015-08-13] ()
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-13] ()
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-13] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 17:16 - 2015-08-18 17:16 - 00017203 _____ C:\Users\Kyle\Downloads\FRST.txt
2015-08-18 17:16 - 2015-08-18 17:16 - 00000000 ____D C:\FRST
2015-08-18 17:13 - 2015-08-18 17:16 - 02173440 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2015-08-18 17:10 - 2015-08-18 17:10 - 00016148 _____ C:\Windows\system32\DESKTOP-5GOUVDV_Kyle_HistoryPrediction.bin
2015-08-15 03:41 - 2015-08-15 03:41 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\dvdcss
2015-08-14 23:44 - 2015-08-12 01:57 - 02178560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-08-14 23:44 - 2015-08-12 01:22 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-08-14 00:09 - 2015-08-14 00:09 - 00003120 _____ C:\Windows\ULYP5O85.ocx
2015-08-14 00:09 - 2015-08-14 00:09 - 00003120 _____ C:\Windows\system32\JE9I4EW5.ocx
2015-08-14 00:09 - 2015-08-14 00:09 - 00000000 ____D C:\Users\Kyle\Documents\MyPrivateFolder
2015-08-14 00:09 - 2015-08-14 00:09 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\blue ridge networks
2015-08-14 00:08 - 2015-08-14 00:08 - 00000000 _____ C:\Windows\diskptex.dat
2015-08-14 00:08 - 2015-08-14 00:08 - 00000000 _____ C:\Windows\diskpt.dat
2015-08-13 22:30 - 2015-08-13 22:30 - 00000000 ___RD C:\Sandbox
2015-08-13 22:28 - 2015-08-14 00:06 - 00000000 ____D C:\Program Files\Sandboxie
2015-08-13 22:28 - 2015-08-13 22:28 - 00001024 _____ C:\.rnd
2015-08-13 22:28 - 2015-08-13 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-13 22:28 - 2015-08-13 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenable Network Security
2015-08-13 22:28 - 2015-08-13 22:28 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-13 22:12 - 2015-08-13 22:12 - 00002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-13 22:12 - 2015-08-13 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-13 22:12 - 2015-08-13 22:12 - 00000000 ____D C:\Program Files\CCleaner
2015-08-13 22:11 - 2015-08-13 22:11 - 00002467 _____ C:\Users\Kyle\Desktop\Safe Money.lnk
2015-08-13 22:09 - 2015-08-13 22:09 - 00002205 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-08-13 22:09 - 2015-08-13 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-08-13 22:08 - 2015-08-18 17:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-13 22:08 - 2015-08-13 22:08 - 00017280 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2015-08-13 22:08 - 2015-08-13 22:08 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-13 22:08 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-08-13 22:08 - 2015-06-30 01:05 - 00937656 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-13 22:08 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-13 22:08 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-08-13 21:50 - 2015-08-13 21:50 - 00001083 _____ C:\Users\Public\Desktop\Shadow Defender.lnk
2015-08-13 21:50 - 2015-08-13 21:50 - 00000064 _____ C:\Windows\diskpt.crt
2015-08-13 21:50 - 2015-08-13 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender
2015-08-13 21:50 - 2015-08-13 21:50 - 00000000 ____D C:\Program Files\Shadow Defender
2015-08-13 21:50 - 2015-07-14 05:14 - 00458936 _____ (SHADOWDEFENDER.COM) C:\Windows\system32\Drivers\diskpt.sys
2015-08-13 21:49 - 2015-08-13 21:49 - 03455896 _____ (Igor Pavlov) C:\Users\Kyle\Downloads\SD1.4.0.588_Setup.exe
2015-08-13 21:45 - 2015-08-13 21:45 - 00002303 _____ C:\Users\Public\Desktop\AppGuard.lnk
2015-08-13 21:45 - 2015-08-13 21:45 - 00000000 ____D C:\Windows\Downloaded Installations
2015-08-13 21:45 - 2015-08-13 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ridge Networks
2015-08-13 21:45 - 2015-08-13 21:45 - 00000000 ____D C:\ProgramData\Blue Ridge Networks
2015-08-13 21:45 - 2015-08-13 21:45 - 00000000 ____D C:\Program Files (x86)\Blue Ridge Networks
2015-08-13 21:44 - 2015-08-13 21:45 - 21462048 _____ (Blue Ridge Networks ) C:\Users\Kyle\Downloads\AppGuardSetup.exe
2015-08-13 21:43 - 2015-08-13 21:49 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\qBittorrent
2015-08-13 21:43 - 2015-08-13 21:43 - 00000000 ____D C:\Users\Kyle\AppData\Local\qBittorrent
2015-08-13 21:42 - 2015-08-13 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-08-13 21:42 - 2015-08-13 21:42 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-08-13 21:41 - 2015-08-13 21:41 - 11977503 _____ (The qBittorrent project) C:\Users\Kyle\Downloads\qbittorrent_3.2.3_setup.exe
2015-08-13 21:35 - 2015-08-13 21:35 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Titanium
2015-08-13 21:31 - 2015-08-13 21:37 - 00000000 ____D C:\Program Files\pia_manager
2015-08-13 21:31 - 2015-08-13 21:31 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-08-13 21:31 - 2015-08-13 21:31 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-08-13 21:29 - 2015-08-13 21:31 - 25723531 _____ C:\Users\Kyle\Downloads\installer_win.exe
2015-08-13 21:03 - 2015-08-13 21:05 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 21:03 - 2015-08-13 21:03 - 09068544 _____ (Acreon Inc.) C:\Users\Kyle\Downloads\WowMatrix.exe
2015-08-13 21:03 - 2015-08-13 21:03 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-08-13 21:03 - 2015-08-13 21:03 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Acreon
2015-08-13 21:03 - 2015-08-13 21:03 - 00000000 ____D C:\Users\Kyle\AppData\Local\._LiveCode_
2015-08-13 21:03 - 2015-08-13 21:03 - 00000000 ____D C:\Program Files\VIA
2015-08-13 21:03 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 21:02 - 2015-08-13 21:02 - 27898680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 07235584 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 07235584 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 03309264 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 02130448 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 02027184 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 02012496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 01752904 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 01180496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 01031376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00896344 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00754760 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00633904 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00568304 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00446224 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00446224 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00400504 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00147224 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00147216 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00132248 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00130144 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00130144 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00104088 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00101016 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00094720 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00093712 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00084688 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00084688 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00080400 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00067272 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00064152 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2015-08-13 21:02 - 2015-08-13 21:02 - 00063144 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2015-08-13 21:02 - 2015-08-13 21:02 - 00042192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2015-08-13 21:02 - 2015-08-13 21:02 - 00036504 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-08-13 21:02 - 2015-08-08 00:30 - 08020320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 21:02 - 2015-08-08 00:29 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 21:02 - 2015-08-08 00:19 - 00608936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-08-13 21:02 - 2015-08-08 00:01 - 01533496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 21:02 - 2015-08-07 23:48 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-08-13 21:02 - 2015-08-07 23:40 - 00365056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 21:02 - 2015-08-07 23:24 - 02415104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 21:02 - 2015-08-07 23:24 - 01679360 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 21:02 - 2015-08-07 23:22 - 01105920 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 21:02 - 2015-08-07 23:21 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
2015-08-13 21:02 - 2015-08-07 23:15 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 21:02 - 2015-08-07 23:00 - 01985024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 21:02 - 2015-08-05 20:18 - 00290768 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2015-08-13 21:02 - 2015-08-05 20:17 - 00237392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-08-13 21:02 - 2015-08-05 20:17 - 00200528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2015-08-13 21:02 - 2015-08-05 19:36 - 21874176 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-08-13 21:02 - 2015-08-05 19:22 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2015-08-13 21:02 - 2015-08-05 19:03 - 18805248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-08-13 21:02 - 2015-08-04 21:49 - 00783112 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-08-13 21:02 - 2015-08-04 21:29 - 00644128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-08-13 21:02 - 2015-08-04 21:03 - 02416640 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-08-13 21:02 - 2015-08-04 21:00 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-08-13 21:02 - 2015-08-04 20:54 - 01274880 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-08-13 21:02 - 2015-08-04 20:47 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-08-13 21:02 - 2015-08-04 20:47 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-08-13 21:02 - 2015-08-04 20:43 - 01916416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-08-13 21:02 - 2015-08-04 20:39 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2015-08-13 21:02 - 2015-08-03 21:08 - 02462648 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-08-13 21:02 - 2015-08-03 21:07 - 00102752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 21:02 - 2015-08-03 21:06 - 00583128 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-08-13 21:02 - 2015-08-03 21:06 - 00243248 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-08-13 21:02 - 2015-08-03 20:50 - 02151208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-08-13 21:02 - 2015-08-03 20:23 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2015-08-13 21:02 - 2015-08-03 20:21 - 16709120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 21:02 - 2015-08-03 20:10 - 13025792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 21:02 - 2015-08-03 19:59 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2015-08-13 21:02 - 2015-08-03 19:47 - 00898560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-08-13 21:02 - 2015-08-02 19:32 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2015-08-13 21:02 - 2015-08-02 19:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2015-08-13 21:02 - 2015-08-02 19:19 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-08-13 21:02 - 2015-08-02 19:19 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-08-13 21:02 - 2015-08-02 19:18 - 08613200 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2015-08-13 21:02 - 2015-08-02 19:18 - 01983840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-08-13 21:02 - 2015-08-02 19:18 - 00594472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2015-08-13 21:02 - 2015-08-02 19:18 - 00046432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2015-08-13 21:02 - 2015-08-02 19:17 - 00516960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-08-13 21:02 - 2015-08-02 19:17 - 00052264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2015-08-13 21:02 - 2015-08-02 19:13 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:02 - 2015-08-02 19:12 - 00801632 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2015-08-13 21:02 - 2015-08-02 18:56 - 06878256 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-13 21:02 - 2015-08-02 18:50 - 20857848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 21:02 - 2015-08-02 18:49 - 00700256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2015-08-13 21:02 - 2015-08-02 18:31 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2015-08-13 21:02 - 2015-08-02 18:30 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_UserAccount.dll
2015-08-13 21:02 - 2015-08-02 18:24 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-13 21:02 - 2015-08-02 18:24 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-08-13 21:02 - 2015-08-02 18:24 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-08-13 21:02 - 2015-08-02 18:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModelShim.dll
2015-08-13 21:02 - 2015-08-02 18:23 - 02446336 _____ C:\Windows\system32\InputService.dll
2015-08-13 21:02 - 2015-08-02 18:23 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2015-08-13 21:02 - 2015-08-02 18:22 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2015-08-13 21:02 - 2015-08-02 18:22 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-08-13 21:02 - 2015-08-02 18:22 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2015-08-13 21:02 - 2015-08-02 18:22 - 00293376 _____ C:\Windows\system32\TextInputFramework.dll
2015-08-13 21:02 - 2015-08-02 18:21 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\coredpus.dll
2015-08-13 21:02 - 2015-08-02 18:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 21:02 - 2015-08-02 18:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 21:02 - 2015-08-02 18:18 - 12503552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 21:02 - 2015-08-02 18:18 - 03780096 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-08-13 21:02 - 2015-08-02 18:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2015-08-13 21:02 - 2015-08-02 18:18 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\NetworkStatus.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2015-08-13 21:02 - 2015-08-02 18:15 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModel.dll
2015-08-13 21:02 - 2015-08-02 18:14 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-13 21:02 - 2015-08-02 18:14 - 00247808 _____ C:\Windows\system32\facecredentialprovider.dll
2015-08-13 21:02 - 2015-08-02 18:12 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-13 21:02 - 2015-08-02 18:12 - 01890304 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-13 21:02 - 2015-08-02 18:12 - 01823232 _____ C:\Windows\SysWOW64\InputService.dll
2015-08-13 21:02 - 2015-08-02 18:12 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-08-13 21:02 - 2015-08-02 18:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2015-08-13 21:02 - 2015-08-02 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2015-08-13 21:02 - 2015-08-02 18:11 - 00200704 _____ C:\Windows\SysWOW64\TextInputFramework.dll
2015-08-13 21:02 - 2015-08-02 18:10 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-08-13 21:02 - 2015-08-02 18:06 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 21:02 - 2015-08-02 18:03 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2015-08-13 21:02 - 2015-08-02 18:02 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-08-13 21:02 - 2015-08-02 18:02 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-13 21:02 - 2015-08-02 18:01 - 11262464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 21:02 - 2015-08-02 18:00 - 01593856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-13 21:02 - 2015-08-02 17:59 - 00752640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2015-08-13 21:02 - 2015-07-05 03:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-08-13 20:53 - 2015-08-13 20:53 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-08-13 20:29 - 2015-08-13 20:29 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Kyle\Downloads\tdsskiller.exe
2015-08-13 20:15 - 2015-08-13 20:15 - 00000000 ____D C:\Users\Kyle\Downloads\VIA_Audio_V6018300_XpVistaWin7
2015-08-13 20:07 - 2015-08-13 20:15 - 76416062 _____ C:\Users\Kyle\Downloads\VIA_Audio_V6018300_XpVistaWin7.zip
2015-08-13 19:51 - 2015-08-13 19:51 - 00231390 _____ C:\Users\Kyle\Downloads\RootkitRevealer.zip
2015-08-13 19:51 - 2015-08-13 19:51 - 00000000 ____D C:\Users\Kyle\Downloads\RootkitRevealer
2015-08-13 19:49 - 2015-08-13 19:49 - 00001785 _____ C:\Users\Kyle\Desktop\aswMBR.txt
2015-08-13 19:49 - 2015-08-13 19:49 - 00000512 _____ C:\Users\Kyle\Desktop\MBR.dat
2015-08-13 19:48 - 2015-08-13 19:48 - 05198336 _____ (AVAST Software) C:\Users\Kyle\Downloads\aswMBR.exe
2015-08-13 19:47 - 2015-08-13 19:47 - 00000232 _____ C:\Users\Kyle\Downloads\fsbl-20150814024710.log
2015-08-13 19:46 - 2015-08-13 19:46 - 00000232 _____ C:\Users\Kyle\Downloads\fsbl-20150814024601.log
2015-08-13 19:42 - 2015-08-13 19:45 - 01137360 _____ (F-Secure Corporation) C:\Users\Kyle\Downloads\fsbl.exe
2015-08-13 19:42 - 2015-08-13 19:42 - 00000000 ____D C:\Users\Kyle\AppData\Local\Secunia PSI
2015-08-13 19:42 - 2015-08-13 19:42 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-08-13 19:36 - 2015-08-13 19:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-13 19:29 - 2015-08-13 19:29 - 00000799 _____ C:\Users\Kyle\Desktop\gmer.log
2015-08-13 19:22 - 2015-08-13 19:22 - 00380416 _____ C:\Users\Kyle\Downloads\1w2upygh.exe
2015-08-13 19:18 - 2015-08-13 19:18 - 00005044 _____ C:\Users\Kyle\Desktop\RK.txt
2015-08-13 19:02 - 2015-08-13 19:02 - 00001305 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2015-08-13 19:02 - 2015-08-13 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-08-13 18:59 - 2015-08-13 22:12 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-08-13 18:57 - 2015-08-13 18:57 - 00025252 _____ C:\Users\Kyle\Downloads\RickRolled.mid
2015-08-13 18:57 - 2015-08-13 18:57 - 00015360 _____ C:\Users\Kyle\Downloads\robomix.mid
2015-08-13 18:56 - 2015-08-13 18:56 - 00044691 _____ C:\Users\Kyle\Downloads\Robo_Theme_v2.mid
2015-08-13 18:56 - 2015-08-13 18:56 - 00012348 _____ C:\Users\Kyle\Downloads\metal_dancer.mid
2015-08-13 18:56 - 2015-08-13 18:56 - 00011043 _____ C:\Users\Kyle\Downloads\ctrobo.mid
2015-08-13 18:44 - 2015-08-14 00:06 - 00000000 ____D C:\Users\Kyle\AppData\Local\Battle.net
2015-08-13 18:44 - 2015-08-13 18:45 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Battle.net
2015-08-13 18:44 - 2015-08-13 18:44 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-08-13 18:44 - 2015-08-13 18:44 - 00000000 ____D C:\Users\Kyle\AppData\Local\Blizzard Entertainment
2015-08-13 18:44 - 2015-08-13 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-08-13 18:44 - 2015-08-13 18:44 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-08-13 18:44 - 2015-08-13 18:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-13 18:33 - 2015-08-13 18:34 - 00000000 ____D C:\Users\Kyle\Documents\#Emulation
2015-08-13 18:22 - 2015-08-13 18:22 - 00000605 _____ C:\Users\Kyle\Desktop\JRT.txt
2015-08-13 18:20 - 2015-08-14 03:37 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashDumps
2015-08-13 18:19 - 2015-08-13 18:20 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Kyle\Downloads\JRT.exe
2015-08-13 18:17 - 2015-08-13 18:38 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-13 18:17 - 2015-08-13 18:17 - 18723912 _____ C:\Users\Kyle\Downloads\RogueKiller.exe
2015-08-13 18:17 - 2015-08-13 18:17 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-13 18:16 - 2015-08-13 18:17 - 00002416 _____ C:\Users\Kyle\Desktop\FSS.txt
2015-08-13 18:16 - 2015-08-13 18:16 - 00899072 _____ (Farbar) C:\Users\Kyle\Downloads\FSS.exe
2015-08-13 18:10 - 2015-08-13 18:10 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-13 17:34 - 2015-07-29 23:24 - 01561872 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-08-13 17:34 - 2015-07-29 23:23 - 00527952 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-08-13 17:34 - 2015-07-29 23:21 - 00816576 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-08-13 17:34 - 2015-07-29 23:17 - 01200400 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 17:34 - 2015-07-29 23:17 - 01025840 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-08-13 17:34 - 2015-07-29 23:16 - 02147080 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-08-13 17:34 - 2015-07-29 23:15 - 00632168 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-08-13 17:34 - 2015-07-29 23:14 - 00333168 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2015-08-13 17:34 - 2015-07-29 23:09 - 01562968 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-08-13 17:34 - 2015-07-29 23:06 - 01043872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-08-13 17:34 - 2015-07-29 23:05 - 02498808 _____ C:\Windows\system32\CoreUIComponents.dll
2015-08-13 17:34 - 2015-07-29 23:05 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-08-13 17:34 - 2015-07-29 23:04 - 01396064 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-08-13 17:34 - 2015-07-29 23:03 - 02116448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-08-13 17:34 - 2015-07-29 22:24 - 00252768 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2015-08-13 17:34 - 2015-07-29 21:29 - 00705520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-13 17:34 - 2015-07-29 21:26 - 01867160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-08-13 17:34 - 2015-07-29 21:26 - 00877016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-08-13 17:34 - 2015-07-29 21:25 - 01356368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-08-13 17:34 - 2015-07-29 21:25 - 00713312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-08-13 17:34 - 2015-07-29 21:24 - 01769056 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-08-13 17:34 - 2015-07-29 21:24 - 00445240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-08-13 17:34 - 2015-07-29 21:24 - 00407616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-08-13 17:34 - 2015-07-29 21:24 - 00285632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2015-08-13 17:34 - 2015-07-29 21:22 - 00896144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-08-13 17:34 - 2015-07-29 21:22 - 00507696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-08-13 17:34 - 2015-07-29 21:21 - 00962400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-08-13 17:34 - 2015-07-29 21:12 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2015-08-13 17:34 - 2015-07-29 21:12 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-08-13 17:34 - 2015-07-29 21:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2015-08-13 17:34 - 2015-07-29 21:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-08-13 17:34 - 2015-07-29 21:08 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-08-13 17:34 - 2015-07-29 21:08 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2015-08-13 17:34 - 2015-07-29 20:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-08-13 17:34 - 2015-07-29 20:52 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-08-13 17:34 - 2015-07-29 20:52 - 00521216 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2015-08-13 17:34 - 2015-07-29 20:52 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2015-08-13 17:34 - 2015-07-29 20:49 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-08-13 17:34 - 2015-07-29 20:49 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-13 17:34 - 2015-07-29 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-08-13 17:34 - 2015-07-29 20:46 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-08-13 17:34 - 2015-07-29 20:46 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2015-08-13 17:34 - 2015-07-29 20:46 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-08-13 17:34 - 2015-07-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-08-13 17:34 - 2015-07-29 20:44 - 02662400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-08-13 17:34 - 2015-07-29 20:44 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-13 17:34 - 2015-07-29 20:44 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2015-08-13 17:34 - 2015-07-29 20:44 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2015-08-13 17:34 - 2015-07-29 20:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-08-13 17:34 - 2015-07-29 20:44 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\VoiceActivationManager.dll
2015-08-13 17:34 - 2015-07-29 20:42 - 00518144 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2015-08-13 17:34 - 2015-07-29 20:41 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2015-08-13 17:34 - 2015-07-29 20:41 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2015-08-13 17:34 - 2015-07-29 20:40 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-08-13 17:34 - 2015-07-29 20:38 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-08-13 17:34 - 2015-07-29 20:38 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2015-08-13 17:34 - 2015-07-29 20:34 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2015-08-13 17:34 - 2015-07-29 20:29 - 00654848 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2015-08-13 17:34 - 2015-07-29 20:10 - 00585728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-13 17:34 - 2015-07-29 20:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-13 17:34 - 2015-07-29 20:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-08-13 17:34 - 2015-07-29 20:06 - 00373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2015-08-13 17:34 - 2015-07-29 20:06 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2015-08-13 17:34 - 2015-07-29 20:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VoiceActivationManager.dll
2015-08-13 17:34 - 2015-07-29 20:04 - 01714176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-08-13 17:34 - 2015-07-29 20:04 - 00335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-08-13 17:34 - 2015-07-29 19:59 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-08-13 17:34 - 2015-07-29 19:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2015-08-13 17:34 - 2015-07-25 22:16 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-08-13 17:34 - 2015-07-25 22:16 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-08-13 17:34 - 2015-07-25 22:15 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-08-13 17:34 - 2015-07-25 22:14 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-08-13 17:34 - 2015-07-25 22:14 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-08-13 17:34 - 2015-07-25 22:06 - 00607008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-08-13 17:34 - 2015-07-25 21:28 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-08-13 17:34 - 2015-07-25 20:49 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-08-13 17:34 - 2015-07-25 20:47 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-08-13 17:34 - 2015-07-25 20:40 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-08-13 17:34 - 2015-07-25 20:40 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-08-13 17:34 - 2015-07-25 20:39 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-08-13 17:34 - 2015-07-25 20:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2015-08-13 17:34 - 2015-07-25 20:35 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2015-08-13 17:34 - 2015-07-25 20:34 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-08-13 17:34 - 2015-07-25 20:30 - 00750592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-08-13 17:34 - 2015-07-25 20:30 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-08-13 17:34 - 2015-07-25 20:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll
2015-08-13 17:34 - 2015-07-23 20:30 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-08-13 17:34 - 2015-07-23 20:18 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2015-08-13 17:34 - 2015-07-23 20:17 - 00991584 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-08-13 17:34 - 2015-07-23 20:17 - 00695136 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2015-08-13 17:34 - 2015-07-23 20:17 - 00521568 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2015-08-13 17:34 - 2015-07-23 20:12 - 00584544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2015-08-13 17:34 - 2015-07-23 20:11 - 00845664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-08-13 17:34 - 2015-07-23 19:55 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-13 17:34 - 2015-07-23 19:46 - 02224128 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-08-13 17:34 - 2015-07-23 19:46 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-08-13 17:34 - 2015-07-23 19:46 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-08-13 17:34 - 2015-07-23 19:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2015-08-13 17:34 - 2015-07-23 19:40 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-08-13 17:34 - 2015-07-23 19:39 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-08-13 17:34 - 2015-07-23 19:34 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2015-08-13 17:34 - 2015-07-23 19:30 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-08-13 17:34 - 2015-07-23 19:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2015-08-13 17:34 - 2015-07-23 19:25 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-08-13 17:34 - 2015-07-23 19:24 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2015-08-13 17:34 - 2015-07-23 19:24 - 01061888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2015-08-13 17:34 - 2015-07-23 19:24 - 00925696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-08-13 17:34 - 2015-07-23 19:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2015-08-13 17:34 - 2015-07-23 19:24 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2015-08-13 17:34 - 2015-07-21 22:18 - 00808856 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2015-08-13 17:34 - 2015-07-21 22:15 - 00565088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-08-13 17:34 - 2015-07-21 22:02 - 00966424 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-08-13 17:34 - 2015-07-21 21:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-08-13 17:34 - 2015-07-21 21:00 - 02235904 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 17:34 - 2015-07-21 21:00 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 17:34 - 2015-07-21 21:00 - 00242264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2015-08-13 17:34 - 2015-07-21 21:00 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-08-13 17:34 - 2015-07-21 20:59 - 01773056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-08-13 17:34 - 2015-07-21 20:53 - 00762896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-08-13 17:34 - 2015-07-21 20:48 - 01334784 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-13 17:34 - 2015-07-21 20:46 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-08-13 17:34 - 2015-07-21 20:21 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-08-13 17:34 - 2015-07-21 20:13 - 01611264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-08-13 17:34 - 2015-07-21 20:13 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 17:34 - 2015-07-21 20:10 - 00828416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-13 17:34 - 2015-07-21 20:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-13 17:34 - 2015-07-21 20:04 - 01112064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-13 17:34 - 2015-07-21 20:03 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-08-13 17:34 - 2015-07-21 19:50 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-08-13 17:34 - 2015-07-18 20:54 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 17:34 - 2015-07-18 20:23 - 00505344 _____ C:\Windows\system32\EditionUpgradeManagerObj.dll
2015-08-13 17:34 - 2015-07-18 20:18 - 00430592 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2015-08-13 17:34 - 2015-07-18 20:12 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-08-13 17:34 - 2015-07-18 20:02 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-08-13 17:34 - 2015-07-18 19:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-08-13 17:34 - 2015-07-18 01:48 - 00916800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-08-13 17:34 - 2015-07-18 01:47 - 00082616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcd.dll
2015-08-13 17:34 - 2015-07-18 00:43 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2015-08-13 17:34 - 2015-07-18 00:39 - 00448512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-08-13 17:34 - 2015-07-18 00:37 - 01043968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll
2015-08-13 17:34 - 2015-07-18 00:28 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2015-08-13 17:34 - 2015-07-18 00:28 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 17:34 - 2015-07-18 00:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2015-08-13 17:34 - 2015-07-17 22:18 - 01085776 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-08-13 17:34 - 2015-07-17 22:17 - 00097128 _____ (Microsoft Corporation) C:\Windows\system32\bcd.dll
2015-08-13 17:34 - 2015-07-17 22:02 - 00290312 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-08-13 17:34 - 2015-07-17 21:06 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2015-08-13 17:34 - 2015-07-17 21:01 - 00562688 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-08-13 17:34 - 2015-07-17 20:59 - 01411072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Editing.dll
2015-08-13 17:34 - 2015-07-17 20:59 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\DevicesFlowBroker.dll
2015-08-13 17:34 - 2015-07-17 20:50 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-08-13 17:34 - 2015-07-17 20:50 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 17:34 - 2015-07-17 20:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2015-08-13 17:34 - 2015-07-17 20:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2015-08-13 17:34 - 2015-07-17 20:49 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2015-08-13 17:34 - 2015-07-17 20:48 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-08-13 17:34 - 2015-07-17 20:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2015-08-13 17:34 - 2015-07-17 20:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-08-13 17:34 - 2015-07-16 21:23 - 00934752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2015-08-13 17:34 - 2015-07-16 21:13 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-13 17:34 - 2015-07-16 21:07 - 00425824 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-08-13 17:34 - 2015-07-16 19:39 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-08-13 17:34 - 2015-07-16 19:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-13 17:34 - 2015-07-16 19:33 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2015-08-13 17:34 - 2015-07-16 19:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\omadmprc.exe
2015-08-13 17:34 - 2015-07-16 19:32 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-08-13 17:34 - 2015-07-16 19:31 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 17:34 - 2015-07-16 19:26 - 07051264 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-08-13 17:34 - 2015-07-16 19:26 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2015-08-13 17:34 - 2015-07-16 19:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2015-08-13 17:34 - 2015-07-16 19:21 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2015-08-13 17:34 - 2015-07-16 19:19 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-13 17:34 - 2015-07-16 19:19 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-08-13 17:34 - 2015-07-16 19:19 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-08-13 17:34 - 2015-07-16 19:18 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-08-13 17:34 - 2015-07-16 19:16 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2015-08-13 17:34 - 2015-07-16 19:05 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-08-13 17:34 - 2015-07-16 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-13 17:34 - 2015-07-16 18:53 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2015-08-13 17:34 - 2015-07-16 18:51 - 05076480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-08-13 17:34 - 2015-07-16 18:50 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2015-08-13 17:34 - 2015-07-16 18:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-13 17:34 - 2015-07-16 18:44 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-08-13 17:34 - 2015-07-15 22:39 - 00061280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-08-13 17:34 - 2015-07-15 22:11 - 03620736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 17:34 - 2015-07-15 21:55 - 02878000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 17:34 - 2015-07-15 21:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2015-08-13 17:34 - 2015-07-15 21:04 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2015-08-13 17:34 - 2015-07-15 21:03 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.OneCore.dll
2015-08-13 17:34 - 2015-07-15 21:01 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-13 17:34 - 2015-07-15 20:54 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2015-08-13 17:34 - 2015-07-15 20:47 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2015-08-13 17:34 - 2015-07-15 20:45 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-08-13 17:34 - 2015-07-15 20:44 - 02741760 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 17:34 - 2015-07-15 20:43 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 17:34 - 2015-07-15 20:41 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2015-08-13 17:34 - 2015-07-15 20:40 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-08-13 17:34 - 2015-07-15 20:36 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV2.dll
2015-08-13 17:34 - 2015-07-15 20:35 - 01521664 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2015-08-13 17:34 - 2015-07-15 20:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2015-08-13 17:34 - 2015-07-15 20:32 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-08-13 17:34 - 2015-07-15 20:29 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 17:34 - 2015-07-15 20:27 - 02207744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 17:34 - 2015-07-15 20:19 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2015-08-13 17:34 - 2015-07-14 20:21 - 01365072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-13 17:34 - 2015-07-14 19:49 - 01591856 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-13 17:34 - 2015-07-14 19:49 - 00325984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-08-13 17:34 - 2015-07-14 19:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-08-13 17:34 - 2015-07-14 19:04 - 00032768 _____ C:\Windows\system32\LicenseManagerApi.dll
2015-08-13 17:34 - 2015-07-14 18:59 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2015-08-13 17:34 - 2015-07-14 18:57 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\OmaDmAgent.dll
2015-08-13 17:34 - 2015-07-14 18:41 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-08-13 17:34 - 2015-07-14 18:37 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.ProxyStub.dll
2015-08-13 17:34 - 2015-07-14 18:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\unenrollhook.dll
2015-08-13 17:34 - 2015-07-14 18:27 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-13 17:34 - 2015-07-13 20:00 - 00208736 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-08-13 17:34 - 2015-07-13 19:37 - 00181088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-08-13 17:34 - 2015-07-13 19:04 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2015-08-13 17:34 - 2015-07-13 18:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2015-08-13 17:34 - 2015-07-13 18:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2015-08-13 17:34 - 2015-07-13 18:49 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-08-13 17:34 - 2015-07-13 18:38 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-08-13 17:34 - 2015-07-13 18:31 - 00420352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2015-08-13 17:34 - 2015-07-13 18:20 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2015-08-13 17:34 - 2015-07-12 17:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2015-08-13 17:34 - 2015-07-12 16:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2015-08-13 17:34 - 2015-07-11 17:38 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2015-08-13 17:34 - 2015-07-11 17:25 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\SensorDataService.exe
2015-08-13 17:34 - 2015-07-11 17:18 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2015-08-13 17:34 - 2015-07-11 16:46 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2015-08-13 17:34 - 2015-07-10 18:28 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2015-08-13 17:34 - 2015-07-10 18:07 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2015-08-13 17:34 - 2015-07-10 18:05 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2015-08-13 17:34 - 2015-07-10 18:04 - 03362816 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-13 17:34 - 2015-07-10 18:03 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-13 17:34 - 2015-07-10 18:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-13 17:34 - 2015-07-10 18:02 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-13 17:34 - 2015-07-10 17:57 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2015-08-13 17:34 - 2015-07-10 17:51 - 04398080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-08-13 17:34 - 2015-07-10 17:43 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-13 17:34 - 2015-07-10 17:42 - 00191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2015-08-13 17:34 - 2015-07-10 17:41 - 03687936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-13 17:34 - 2015-07-10 17:40 - 02606080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-13 17:34 - 2015-07-10 17:40 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-13 17:34 - 2015-07-10 17:34 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2015-08-13 17:34 - 2015-07-10 08:51 - 00823336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-08-13 17:34 - 2015-07-10 08:47 - 00265480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-13 17:34 - 2015-07-10 08:00 - 01101792 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-08-13 17:34 - 2015-07-10 07:52 - 00335248 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-13 17:34 - 2015-07-10 03:59 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SignInOptions.dll
2015-08-13 17:34 - 2015-07-10 03:42 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2015-08-13 17:34 - 2015-07-10 03:10 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2015-08-13 17:34 - 2015-07-10 03:05 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2015-08-13 17:34 - 2015-07-10 02:53 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2015-08-13 17:34 - 2015-07-10 02:35 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-08-13 17:34 - 2015-07-10 02:31 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-13 17:34 - 2015-07-10 02:29 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2015-08-13 17:33 - 2015-07-29 21:42 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-13 17:33 - 2015-07-29 20:49 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-08-13 17:33 - 2015-07-29 20:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2015-08-13 17:33 - 2015-07-29 20:15 - 09889792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-08-13 17:33 - 2015-07-29 20:07 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2015-08-13 17:33 - 2015-07-25 22:13 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2015-08-13 17:33 - 2015-07-25 21:28 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-08-13 17:33 - 2015-07-25 20:49 - 04760576 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-13 17:33 - 2015-07-25 20:38 - 04350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-13 17:33 - 2015-07-23 19:52 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2015-08-13 17:33 - 2015-07-21 21:02 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-08-13 17:33 - 2015-07-21 20:55 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-08-13 17:33 - 2015-07-21 20:55 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2015-08-13 17:33 - 2015-07-21 20:54 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-13 17:33 - 2015-07-21 20:11 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-08-13 17:33 - 2015-07-21 20:07 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-08-13 17:33 - 2015-07-18 21:04 - 00658568 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2015-08-13 17:33 - 2015-07-18 00:29 - 03443200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-08-13 17:33 - 2015-07-17 20:52 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-08-13 17:33 - 2015-07-16 21:12 - 00630160 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-08-13 17:33 - 2015-07-16 19:36 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-08-13 17:33 - 2015-07-16 18:56 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-08-13 17:33 - 2015-07-14 19:41 - 01135312 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2015-08-13 17:33 - 2015-07-14 19:22 - 02112512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-13 17:33 - 2015-07-14 18:47 - 04611584 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-13 17:33 - 2015-07-10 18:22 - 00403968 _____ C:\Windows\system32\diagtrack_wininternal.dll
2015-08-13 17:33 - 2015-07-10 18:21 - 00412672 _____ C:\Windows\system32\diagtrack_win.dll
2015-08-13 17:33 - 2015-07-10 18:17 - 06305792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-08-13 17:33 - 2015-07-10 18:03 - 07523328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-08-13 17:33 - 2015-07-10 18:01 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 17:33 - 2015-07-10 17:41 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-08-13 17:33 - 2015-07-10 17:40 - 03579904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 17:29 - 2015-08-13 17:33 - 333450438 _____ C:\Users\Kyle\Downloads\windows10.0-kb3081424-x64_166daaea0dfeb06b34f39d7aebf03ff93a7bf99e.msu
2015-08-13 17:26 - 2015-08-13 17:23 - 00000608 _____ C:\Users\Kyle\Desktop\output.txt
2015-08-13 17:26 - 2015-08-13 16:27 - 00062029 _____ C:\Users\Kyle\Desktop\dism.log
2015-08-13 17:22 - 2015-08-13 21:35 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Apple Computer
2015-08-13 17:22 - 2015-08-13 21:35 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple Computer
2015-08-13 17:22 - 2015-08-13 17:22 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-13 17:22 - 2015-08-13 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-13 17:21 - 2015-08-13 17:22 - 00000000 ____D C:\Program Files\iTunes
2015-08-13 17:21 - 2015-08-13 17:21 - 00302011 _____ C:\Users\Kyle\Downloads\WindowsUpdateDiagnostic.diagcab
2015-08-13 17:21 - 2015-08-13 17:21 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files\iPod
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files\Bonjour
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-08-13 17:21 - 2015-08-13 17:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-08-13 17:20 - 2015-08-13 17:21 - 00000000 ____D C:\ProgramData\Apple
2015-08-13 17:19 - 2015-08-13 17:20 - 155835672 _____ (Apple Inc.) C:\Users\Kyle\Downloads\iTunes6464Setup.exe
2015-08-13 16:31 - 2015-08-13 16:31 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-08-12 21:10 - 2015-08-13 20:56 - 00000000 ____D C:\Users\Kyle\Downloads\#
2015-08-12 17:43 - 2015-08-12 17:43 - 00000000 ____D C:\Users\Kyle\AppData\Local\NVIDIA Corporation
2015-08-12 17:40 - 2015-08-13 23:57 - 00000000 ____D C:\Windows\Minidump
2015-08-12 15:52 - 2015-08-12 15:53 - 00000000 ____D C:\Users\Kyle\Downloads\portlistener
2015-08-12 15:50 - 2015-08-12 15:52 - 00329035 _____ C:\Users\Kyle\Downloads\portlistener.zip
2015-08-12 13:54 - 2015-08-13 18:43 - 00000000 ____D C:\ProgramData\Battle.net
2015-08-12 13:52 - 2015-08-12 14:04 - 02907704 _____ (Blizzard Entertainment) C:\Users\Kyle\Downloads\World-of-Warcraft-Setup-enUS.exe
2015-08-12 13:01 - 2015-08-12 13:01 - 00000000 ____D C:\Users\Kyle\AppData\Local\NVIDIA
2015-08-12 12:44 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-08-12 12:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-08-12 12:44 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-08-12 12:44 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-08-12 12:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-08-12 12:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-08-12 12:43 - 2015-08-13 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-12 12:43 - 2015-08-12 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-12 12:43 - 2015-07-23 21:21 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-08-12 12:43 - 2015-07-23 21:21 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-08-12 12:43 - 2015-07-23 21:21 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-08-12 12:43 - 2015-07-23 21:21 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-08-12 12:43 - 2015-07-22 17:44 - 00572048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-12 12:42 - 2015-08-12 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-12 12:42 - 2015-07-22 21:02 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-12 12:42 - 2015-07-22 21:02 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-12 12:42 - 2015-07-22 18:10 - 06873928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-12 12:42 - 2015-07-22 18:10 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-12 12:42 - 2015-07-22 18:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-12 12:42 - 2015-07-22 18:10 - 00937800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-12 12:42 - 2015-07-22 18:10 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-12 12:42 - 2015-07-22 18:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-12 12:42 - 2015-07-21 21:29 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-08-12 12:41 - 2015-08-12 12:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-12 12:41 - 2015-07-24 17:14 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-08-12 12:41 - 2015-07-24 17:14 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-08-12 12:41 - 2015-07-24 17:14 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 42730312 _____ C:\Windows\system32\nvcompiler.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 37749064 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 30518928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 22973584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 18376584 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 16160440 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 16011680 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 15754192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 14511608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 13274904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 12973680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 11843384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 11142984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-12 12:41 - 2015-07-22 21:02 - 03351864 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 02963208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 02360976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 02164040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 01165192 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00991152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00787384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00632664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00601752 _____ C:\Windows\system32\nvmcumd.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00384464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00374600 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00364360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00340624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00314936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-12 12:41 - 2015-07-22 21:02 - 00031976 _____ C:\Windows\system32\nvinfo.pb
2015-08-12 12:41 - 2015-07-02 21:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-08-12 12:41 - 2015-07-02 21:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-08-12 12:41 - 2015-07-02 21:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-08-12 12:31 - 2015-08-12 12:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-12 12:29 - 2015-08-12 13:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-12 12:29 - 2015-08-12 12:29 - 00000000 ____D C:\Users\Kyle\AppData\Local\Google
2015-08-12 12:28 - 2015-08-12 12:29 - 294933088 _____ (NVIDIA Corporation) C:\Users\Kyle\Downloads\353.62-desktop-win10-64bit-international-whql.exe
2015-08-12 12:23 - 2015-08-12 12:23 - 00563296 _____ (Oracle Corporation) C:\Users\Kyle\Downloads\JavaSetup8u51.exe
2015-08-12 12:22 - 2015-08-13 14:43 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc
2015-08-12 12:21 - 2015-08-12 12:21 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-12 12:21 - 2015-08-12 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-12 12:21 - 2015-08-12 12:21 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-12 12:18 - 2015-08-12 12:29 - 00931408 _____ (Google Inc.) C:\Users\Kyle\Downloads\ChromeSetup.exe
2015-08-12 12:17 - 2015-08-12 12:18 - 28849904 _____ C:\Users\Kyle\Downloads\vlc-2.2.1-win32.exe
2015-08-12 12:16 - 2015-08-12 12:16 - 00000000 ____D C:\NVIDIA
2015-08-12 11:57 - 2015-08-12 12:12 - 292456168 _____ (NVIDIA Corporation) C:\Users\Kyle\Downloads\353.62-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-08-12 11:30 - 2015-08-12 11:30 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Macromedia
2015-08-12 11:27 - 2015-08-12 11:30 - 00000000 ____D C:\Users\Kyle\AppData\Local\MicrosoftEdge
2015-08-12 06:18 - 2015-08-12 05:58 - 00000000 ____D C:\Windows\Panther
2015-08-12 06:03 - 2015-08-12 06:03 - 00002331 _____ C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-12 06:03 - 2015-08-12 06:03 - 00000000 ___RD C:\Users\Kyle\OneDrive
2015-08-12 06:02 - 2015-08-18 17:17 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-12 06:02 - 2015-08-12 06:02 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-12 06:01 - 2015-08-12 06:01 - 00000000 ____D C:\Users\Kyle\AppData\Local\Publishers
2015-08-12 06:00 - 2015-08-14 00:07 - 00000000 ____D C:\Users\Kyle
2015-08-12 06:00 - 2015-08-12 06:18 - 00000000 ____D C:\Users\Kyle\AppData\Local\Packages
2015-08-12 06:00 - 2015-08-12 06:00 - 00016148 _____ C:\Windows\system32\DESKTOP-5GOUVDV_defaultuser0_HistoryPrediction.bin
2015-08-12 06:00 - 2015-08-12 06:00 - 00000020 ___SH C:\Users\Kyle\ntuser.ini
2015-08-12 06:00 - 2015-08-12 06:00 - 00000000 ___RD C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 06:00 - 2015-08-12 06:00 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Adobe
2015-08-12 06:00 - 2015-08-12 06:00 - 00000000 ____D C:\Users\Kyle\AppData\Local\VirtualStore
2015-08-12 06:00 - 2015-08-12 06:00 - 00000000 ____D C:\Users\Kyle\AppData\Local\TileDataLayer
2015-08-12 06:00 - 2015-07-10 04:04 - 00000000 __RSD C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-12 06:00 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 06:00 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-12 06:00 - 2015-07-10 04:04 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-12 05:57 - 2015-08-12 05:57 - 00000000 __SHD C:\Recovery
2015-08-12 05:49 - 2015-08-12 05:59 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2015-08-12 05:49 - 2015-07-10 03:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-08-12 05:46 - 2015-08-13 21:33 - 00000726 _____ C:\Windows\PFRO.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 17:16 - 2015-07-10 03:55 - 00000000 ____D C:\Windows\CbsTemp
2015-08-18 17:10 - 2015-07-10 05:22 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-08-18 17:10 - 2015-07-10 05:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 17:09 - 2015-07-10 02:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-08-18 17:08 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\sru
2015-08-14 11:00 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\appcompat
2015-08-13 22:09 - 2015-07-10 02:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-08-13 22:08 - 2015-07-10 04:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-13 21:33 - 2015-07-10 05:20 - 00189240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 21:32 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 21:32 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 21:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-08-13 21:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\oobe
2015-08-13 21:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 21:03 - 2015-07-10 05:20 - 00009089 _____ C:\Windows\setupact.log
2015-08-13 21:02 - 2010-05-15 19:11 - 01192784 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-08-13 21:02 - 2010-05-15 19:11 - 00701136 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-08-13 21:02 - 2010-05-15 19:11 - 00260120 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-08-13 19:35 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\AppReadiness
2015-08-13 19:32 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-08-13 19:32 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-08-13 19:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-08-13 19:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-08-13 19:32 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\Provisioning
2015-08-13 19:32 - 2015-07-10 02:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-13 19:32 - 2015-07-10 02:05 - 00000000 ____D C:\Windows\system32\Dism
2015-08-12 17:57 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\NDF
2015-08-12 12:43 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\restore
2015-08-12 12:42 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\Help
2015-08-12 11:53 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-12 06:17 - 2015-07-10 04:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-08-12 06:01 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\PrintDialog
2015-08-12 06:01 - 2015-07-10 04:04 - 00000000 ___RD C:\Windows\MiracastView
2015-08-12 05:58 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\rescache
2015-08-12 05:49 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-12 05:49 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\Catroot2.old
2015-08-12 05:48 - 2015-07-10 04:05 - 00002133 _____ C:\Windows\DtcInstall.log
2015-08-12 05:48 - 2015-07-10 04:04 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-12 05:48 - 2015-07-10 02:05 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-12 05:46 - 2015-07-10 02:05 - 00000000 __RHD C:\Users\Default
2015-08-08 08:38 - 2015-07-10 04:06 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:38 - 2015-07-10 04:06 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 05:46

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Kyle (2015-08-18 17:18:26)
Running from C:\Users\Kyle\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515495464-1780819520-728762140-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-515495464-1780819520-728762140-503 - Limited - Disabled)
Guest (S-1-5-21-515495464-1780819520-728762140-501 - Limited - Disabled)
Kyle (S-1-5-21-515495464-1780819520-728762140-1001 - Administrator - Enabled) => C:\Users\Kyle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blue Ridge Networks AppGuard (HKLM-x32\...\{B18537F1-B130-4C4B-A606-01128D45907E}) (Version: 4.2.8.1 - Blue Ridge Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.588 - ShadowDefender.com)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515495464-1780819520-728762140-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

12-08-2015 12:43:55 Installed DirectX
13-08-2015 14:41:51 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2015-07-10 04:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-14] (Microsoft Corporation)
Task: {9FFDEFAA-26B4-440A-BA94-DDBB4D9E7980} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {E29C5389-2618-4995-868A-7E6B09470A83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {EAD9A6AA-C6D3-4240-91E2-801F2940302E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-13 17:34 - 2015-07-14 19:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-13 17:33 - 2015-07-10 18:22 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-08-13 17:34 - 2015-07-29 23:05 - 02498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-08-13 17:34 - 2015-07-29 23:05 - 02498808 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-13 21:02 - 2015-08-02 18:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-13 21:02 - 2015-08-02 18:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-13 21:02 - 2015-08-02 18:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-515495464-1780819520-728762140-1001\...\netflix.com -> netflix.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515495464-1780819520-728762140-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
HKU\S-1-5-21-515495464-1780819520-728762140-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{963BCE10-5732-4A30-8295-09974866E3DA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B05D435E-9723-487A-A016-E6205AA5E009}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{440371F0-91AB-4820-9558-4FC6FC9B591B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3767500D-E24C-48F2-A526-FA7B174D2D0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0A7099D8-5623-4461-8103-5B4420DEE5A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7B036C20-AAE5-46B9-A851-718921A2AA76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8387AD6F-3A52-4B16-AC44-9F562DD8C661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{838A0A5E-73D8-4469-B001-73FC39D539AC}] => (Allow) C:\Users\Kyle\Downloads\World-of-Warcraft-Setup-enUS.exe
FirewallRules: [{808530AF-355D-49C6-9EBF-72D1D047868C}] => (Allow) C:\Users\Kyle\Downloads\World-of-Warcraft-Setup-enUS.exe
FirewallRules: [{B774BD8D-979D-4966-84A0-642CFDCE6280}] => (Allow) C:\Users\Kyle\Downloads\World-of-Warcraft-Setup-enUS.exe
FirewallRules: [{AED4D93D-A71F-44A3-93AF-903CFE26F2C7}] => (Allow) C:\Windows\System32\wuauclt.exe
FirewallRules: [{1D8FF9D2-076B-44FE-9AA9-332114DF6DD7}] => (Allow) C:\Windows\System32\wuauclt.exe
FirewallRules: [{32EF18D5-026B-4046-A83B-3BD995A3259F}] => (Allow) C:\Windows\System32\wuauclt.exe
FirewallRules: [{9AD338C7-682F-43A6-9B2D-4989ACD0E11B}] => (Allow) C:\Windows\System32\wuauclt.exe
FirewallRules: [{B71D49DE-2C8B-464E-839A-B924B059E44B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{23B98205-0CD4-4FAC-9A40-5A4E0D7ADC5D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97D3C680-C880-4D73-9D32-80304DB6210C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CE8E72EF-4712-49DE-A3C5-B575B9CCDC8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E54422C2-242D-41EB-8106-06822B697F25}] => (Allow) %SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
FirewallRules: [{A33B78F5-7515-4BB9-8DE6-16C0607811A0}] => (Allow) %SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
FirewallRules: [4ab51f98-3c07-4ef3-8fe8-088ca6e72a2f] => (Allow) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
FirewallRules: [8afd77d8-a9c2-4536-87c2-1c2a4229e9ed] => (Allow) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
FirewallRules: [{0D8F4DE1-B6BD-4B09-8978-2443D65DD664}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{75D6B07B-9734-430E-9AB5-278219F2B5AD}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{DBD69E7A-E5E5-4429-A881-1E9E7B393EEE}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{79209F28-E117-4FD4-87A2-11FFF7CE7C78}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{EEECF224-823C-4A42-AE8B-A09373CE4C82}] => (Allow) %SystemRoot%\System32\wuauclt.exe
FirewallRules: [{89A25C33-2761-4F18-9015-A871ECC15554}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8CC6B71-EA71-491C-B318-6FFEE6BE1847}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5A1E7836-09BF-45AD-8C48-F10BBDF1DFAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD399050-B2BF-4EDE-9CF0-6E72570C93E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{463F5A40-60D8-4279-B8E8-57F200A5FA02}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A11D454E-69C8-4095-B522-1B17F1F0F90E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A6795E94-8DAF-4BD1-AED4-B4114A60C086}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{4EE5D955-87AB-4413-9D3B-9A447D8953AB}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{0F7AE14B-0DF3-43C6-8431-A59573564FFC}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 05:10:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/18/2015 05:10:36 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 05:10:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (08/18/2015 03:37:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=TimerEvent

Error: (08/18/2015 03:37:12 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 03:37:12 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (08/18/2015 03:37:11 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8


System errors:
=============
Error: (08/18/2015 05:09:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error:
%%5

Error: (08/18/2015 05:08:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/18/2015 03:37:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/17/2015 03:37:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 03:37:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/15/2015 03:36:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error:
%%5

Error: (08/15/2015 03:30:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/15/2015 03:29:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/15/2015 12:46:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/14/2015 11:37:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (08/18/2015 05:10:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 17:10:39:098 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 17:10:39:098)
00030001(0x00000000, 17:10:39:114 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 17:10:39:114 - 0)
00040001(0x00000000, 17:10:39:114 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 17:10:39:114 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 17:10:39:114 - 0, 1)
00040006(0x00000001, 17:10:39:114 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 17:10:39:114 - 0)
0002000C(0x00000000, 17:10:39:770 - 500)
00010002(0x8004FC01, 17:10:39:770 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 17:10:39:770)

Error: (08/18/2015 05:10:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/18/2015 05:10:36 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 05:10:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 17:10:34:786 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 17:10:34:817)
00030001(0x00000000, 17:10:34:833 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 17:10:34:833 - 0)
00040001(0x00000000, 17:10:34:833 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 17:10:34:833 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 17:10:34:833 - 0, 1)
00040006(0x00000001, 17:10:34:833 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 17:10:34:833 - 0)
0002000C(0x00000000, 17:10:35:973 - 500)
00010002(0x8004FC01, 17:10:35:989 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 17:10:35:989)

Error: (08/18/2015 03:37:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=TimerEvent

Error: (08/18/2015 03:37:12 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8

Error: (08/18/2015 03:37:12 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 03:37:12:168 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail)
00020001(0x00000000, 03:37:12:171)
00030001(0x00000000, 03:37:12:175 - https://activation-v2.sls.microsoft.com)
00030002(0x00000000, 03:37:12:175 - 0)
00040001(0x00000000, 03:37:12:175 - https://activation-v2.sls.microsoft.com)
00040002(0x00000000, 03:37:12:178 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 03:37:12:179 - 0, 1)
00040006(0x00000001, 03:37:12:179 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 03:37:12:179 - 0)
0002000C(0x00000000, 03:37:12:780 - 500)
00010002(0x8004FC01, 03:37:12:781 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---&gt; Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 03:37:12:783)

Error: (08/18/2015 03:37:11 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0032b1f36bb-c1cd-4306-bf5c-a0367c2d97d8


CodeIntegrity:
===================================
Date: 2015-08-18 16:35:32.716
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 16:35:32.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 16:35:32.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 16:35:32.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 15:32:32.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 15:32:32.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 15:32:32.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 15:32:32.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 14:37:22.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-18 14:37:22.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 18%
Total physical RAM: 12287.18 MB
Available physical RAM: 9978.92 MB
Total Virtual: 14143.18 MB
Available Virtual: 11654.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:868.47 GB) NTFS
Drive d: (COMEDY_PACK) (CDROM) (Total:7.71 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A32E54E3)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Elise, 23 August 2015 - 11:48 AM.
codeboxes removed due to incompatibility issues


#7 cer0

cer0
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 18 August 2015 - 06:32 PM

0 Threats found w/ TDSSKiller.



#8 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:09 AM

Posted 19 August 2015 - 12:04 AM

Hello cer0,

Thank you for the provided logs. I will review them as fast as possible and be back with further instructions. Meanwhile, since you may have missed my question from the previous post, I will be waiting for its answer in your next reply.

Do you experience any problems with the system, including malfunctioning or misbehavior?

Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#9 cer0


Posted 19 August 2015 - 04:46 PM

> Hello cer0,
>
> Thank you for the provided logs. I will review them as fast as possible and be back with further instructions. Meanwhile, since you may have missed my question from the previous post, I will be waiting for its answer in your next reply.
>
> Do you experience any problems with the system, including malfunctioning or misbehavior?

When I'm watching Netflix... the video will stop but the audio will keep going and I have to click fast forward.
Sometimes when I'm posting in this thread the page will stop responding and IE will have to reload it (but only with this thread).



#10 StanFF


Posted 20 August 2015 - 12:18 PM

Hello cer0,

I'm not using Netflix and I can't be completely sure why this is happening, but as far as I can tell, there are multiple topics mentioning audio and video out-of-sync when playing video. You may try some of the various suggestions over the Internet, like those mentioned here.

About the second problem you are describing, I'm almost completely sure that this is related to the IPB forum software used here, since similar results can be met on both Microsoft Edge and Google Chrome.

Meanwhile, I reviewed the logs you provided and I can say that there is no active malware on the system, including rootkits. I want to run one additional scan on the system to double check my findings till now.

Please, download Malwarebytes' Anti-Malware. Run the installer and follow the prompts to install the software. When ready, please start the tool.

  • When started, please, press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is a new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.
 
After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
 
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Regards,

Stan


#11 StanFF


Posted 23 August 2015 - 11:47 AM

Hello cer0,

It's been almost three days without a reply from you. Are you still with me? Do you experience any additional problems? Please, remember that after two more days of inactivity, the topic will be closed.


Regards,

Stan


#12 cer0


Posted 23 August 2015 - 12:03 PM

No, I do not experience any other problems.

I will try scanning with MWB. I currently have Kaspersky installed.

 



#13 StanFF


Posted 24 August 2015 - 12:32 PM

Hello cer0,

> No, I do not experience any other problems.

I'm glad to hear that. I will be waiting for the logfile from the scan performed with MAM.


Regards,

Stan


#14 cer0


Posted 25 August 2015 - 12:15 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/25/2015
Scan Time: 12:02 PM
Logfile: 
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.25.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kyle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340665
Time Elapsed: 12 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.OpenCandy, C:\Users\Kyle\AppData\Local\Temp\HYD3F0B.tmp.1440285389\HTA\install.1440285389.zip, Quarantined, [17f22ce193f87bbbfbd58ff0b94cd62a], 
PUP.Optional.OpenCandy, C:\Users\Kyle\AppData\Local\Temp\HYD3F0B.tmp.1440285389\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [58b144c9fb9059dd478988f736cf2ad6], 

Physical Sectors: 0
(No malicious items detected)


(end)


#15 StanFF


Posted 26 August 2015 - 12:56 PM

Hello cer0,

Thank you for the log. MAM detected two entries which are marked as PUP (Potentially Unwanted Program). The files related to it were found in the temporary folder of the system. Since I want to be completely sure that everything is as it should be, I want to take a look over a fresh scan with FRST.

Please, delete the version of FRST present and download the latest version of the tool from here. When you start the tool, please check the checkbox in front of the Addition.txt in the Optional Scan section. Run a new scan and post the generated logs in your next reply.

 

Also, going over your logs I noticed that you have qBittorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove that program, you can do so via the Programs and Features applet in Control Panel.


Regards,

Stan