Probably Scammed: Trojan, CSSR, and Pushy Salesman


  • This topic is locked
13 replies to this topic

#1 GenericDNA

Posted 10 September 2015 - 08:20 PM

Hi everybody. I believe I just got off the phone with someone who would very much like to take my money and information. Here's the story: Just got this laptop a few weeks ago, so I'm still not super familiar with Windows 10. (Besides, I mostly use it to play games.) Anyway, I went to YouTube this morning and was greeted with an ominous screen and Microsoft tech support numbers. Unfortunately I had to leave before I could really look at it. When I got home I called the number to have the Windows people fix the problem. The message on the weird page said it was locking my computer out of any networks, so I was in a hurry to get everything functional. Like I said, I have no clue how Windows 10 works or malfunctions, so I didn't even think that it may be a ruse... I was connected with some kind of tech helper guy (or possibly a criminal) and allowed him to control my PC remotely. He ran scans (or now that I think about it, it was probably a trojan, virus, or seed of some sort) and showed me that I had 1700 viruses stemming from a corrupt network. Then for about an hour he explained to me all of the different packages I could get for some network defender program and warranties and access to their help at any time. The prices were ridiculous and I told him I would just fix the problem myself. And by myself I clearly meant by coming to the same place I come every time something goes crazy on one of my PCs: BleepingComputer!

So I would appreciate help from you guys again if you could spare a moment. That error page is still up and I can't get rid of it. There's some suspicious stuff running in my processes, such as "Sink to receive asynchronous callbacks for WMI client application". I'm just generally terrified about the whole thing.

I have not touched a thing before consulting you guys. Didn't run MalwareBytes or Webroot. I saw this article: https://www.fixyourbrowser.com/removal-instructions/remove-windows-network-defender-pop-up-tech-support-scam/ but I thought I should get help here rather than follow generalized instructions.

I'll attach pictures of that error page.

I'm begging for help here....

Thanks


#2 Gunto


Posted 12 September 2015 - 10:37 AM

Hi, GenericDNA! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

From the looks of that message and what you described, that is most definitely a fake. One thing to look for in false warning messages is broken English; in this case, this one is full of it. Thank goodness you didn't give him any of your money! :)

Sadly, it's also very likely all the "scans" he ran were either totally bogus or, indeed, more malware. Nevertheless, I'll do my absolute best to get rid of them all!

First, let's run a scan with FRST to get some more information.

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and Addition.txt. Please copy and paste both into your reply, one at a time.

Gunto




#3 GenericDNA


Posted 13 September 2015 - 10:27 AM

I can't believe I was in such a hurry that day that I missed the jacked up language in that. I'm normally the person telling people to watch out for this kind of thing. Embarrassing... I still haven't touched anything, removed anything, ran any scans (aside from Farbar now), etc.
 
Here's the FRST.txt -
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015
Ran by Blake (administrator) on DESKTOP-4VS0I2R (13-09-2015 10:15:35)
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available Profiles: Blake)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Users\Blake\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8498392 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-08-20] (Synaptics Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [830488 2015-09-11] (Webroot)
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\...\Run: [OneDrive] => C:\Users\Blake\AppData\Local\Microsoft\OneDrive\OneDrive.exe [405584 2015-09-11] (Microsoft Corporation)
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-08-21]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-08-21]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ca21b03-9477-4d50-b818-c42a9a8f315a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2076916756-1397175388-459278013-1001 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-25] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-08-21] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-09-04] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-25] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-08-21] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-04] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-08-21] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-08-21] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-08-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-25] (Microsoft Corporation)
 
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-08-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-17] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-17] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [830488 2015-09-11] (Webroot)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2015-07-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [167152 2015-06-18] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4043544 2015-07-16] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7030040 2015-07-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-17] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-07-20] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-19] (Realtek                                            )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-06-22] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-20] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2015-09-11] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-09-04] (Webroot)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-13 10:15 - 2015-09-13 10:16 - 00018651 _____ C:\Users\Blake\Desktop\FRST.txt
2015-09-13 10:14 - 2015-09-13 10:15 - 00000000 ____D C:\FRST
2015-09-13 10:13 - 2015-09-13 10:13 - 02190336 _____ (Farbar) C:\Users\Blake\Desktop\FRST64.exe
2015-09-13 10:10 - 2015-09-13 10:10 - 00016148 _____ C:\Windows\system32\DESKTOP-4VS0I2R_Blake_HistoryPrediction.bin
2015-09-10 20:04 - 2015-09-10 20:04 - 00000000 ____D C:\Users\Blake\Documents\photoproof
2015-09-10 18:37 - 2015-09-10 19:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - ddae0142-9ccd-43bf-98be-06e3fd4b6536
2015-09-10 18:36 - 2015-09-11 21:39 - 00000000 ____D C:\Users\Blake\AppData\Local\LogMeIn Rescue Applet
2015-09-10 18:36 - 2015-09-10 18:36 - 01588544 _____ (LogMeIn, Inc.) C:\Users\Blake\Downloads\Support-LogMeInRescue.exe
2015-09-03 01:56 - 2015-09-10 18:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 01:56 - 2015-09-03 01:56 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-03 01:56 - 2015-09-03 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-03 01:56 - 2015-09-03 01:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-03 01:56 - 2015-09-03 01:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-03 01:56 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 01:56 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-03 01:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-03 01:55 - 2015-09-03 01:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Blake\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 23:40 - 2015-09-04 22:47 - 00000000 ____D C:\Users\Blake\AppData\Roaming\TS3Client
2015-09-02 23:40 - 2015-09-02 23:40 - 00001287 _____ C:\Users\Blake\Desktop\TeamSpeak 3 Client.lnk
2015-09-02 23:40 - 2015-09-02 23:40 - 00000000 ____D C:\Users\Blake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-09-02 23:40 - 2015-09-02 23:40 - 00000000 ____D C:\Users\Blake\AppData\Local\TeamSpeak 3 Client
2015-09-02 23:39 - 2015-09-02 23:39 - 31071896 _____ (TeamSpeak Systems GmbH) C:\Users\Blake\Downloads\TeamSpeak3-Client-win64-3.0.17.exe
2015-09-01 06:01 - 2015-09-01 06:01 - 94449112 _____ (Logitech Inc.) C:\Users\Blake\Downloads\LGS_8.72.98_x64_Logitech.exe
2015-09-01 05:59 - 2015-09-01 05:59 - 01164056 _____ (Logitech Inc.) C:\Users\Blake\Downloads\G602Flash.exe
2015-08-30 00:22 - 2015-08-30 00:22 - 26068984 _____ (ArenaNet) C:\Users\Blake\Downloads\Gw2Setup.exe
2015-08-28 14:18 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-28 14:18 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-28 14:18 - 2015-08-20 00:21 - 21875200 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-08-28 14:18 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-28 14:18 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-28 14:18 - 2015-08-19 23:31 - 18806272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-08-28 14:18 - 2015-08-18 02:56 - 02498808 _____ C:\Windows\system32\CoreUIComponents.dll
2015-08-28 14:18 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-08-28 14:18 - 2015-08-18 02:27 - 01771592 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-08-28 14:18 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-08-28 14:18 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2015-08-28 14:18 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-08-28 14:18 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-08-28 14:18 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-28 14:18 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2015-08-28 14:18 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-28 14:17 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-08-28 14:17 - 2015-08-20 00:57 - 00077400 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-28 14:17 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-08-28 14:17 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 14:17 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-28 14:17 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-08-28 14:17 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-08-28 14:17 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-08-28 14:17 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-08-28 14:17 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2015-08-28 14:17 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2015-08-28 14:17 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2015-08-28 14:17 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2015-08-28 14:17 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2015-08-28 14:17 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll
2015-08-28 14:17 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2015-08-28 14:17 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2015-08-28 14:17 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-08-28 14:17 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2015-08-28 14:17 - 2015-08-18 01:54 - 00247296 _____ C:\Windows\system32\facecredentialprovider.dll
2015-08-28 14:17 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-08-28 14:17 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2015-08-28 14:17 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2015-08-28 14:17 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcnwiz.dll
2015-08-28 14:17 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2015-08-28 14:17 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2015-08-28 14:17 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2015-08-28 14:17 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2015-08-28 14:17 - 2015-08-17 23:44 - 00008847 _____ C:\Windows\system32\ResPriHMImageList
2015-08-25 19:30 - 2015-09-02 20:48 - 00001134 _____ C:\Users\Blake\Desktop\Logitech Gaming Software 8.70.lnk
2015-08-25 03:15 - 2015-08-25 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-25 03:15 - 2015-08-25 13:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-24 16:46 - 2015-08-24 16:54 - 00000000 ____D C:\Users\Blake\Downloads\Jeff Rosenstock - I Look Like bleep
2015-08-24 16:42 - 2015-08-24 16:58 - 00000000 ____D C:\Users\Blake\Downloads\Jeff Rosenstock - Summer
2015-08-24 14:52 - 2015-08-24 14:53 - 00000000 ____D C:\Users\Blake\Desktop\Music Album Art
2015-08-24 14:48 - 2015-08-24 14:50 - 00000000 ____D C:\Users\Blake\Desktop\SGalaxyS5 - Picture Backups
2015-08-24 14:23 - 2015-08-24 14:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-08-24 14:21 - 2015-08-24 14:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-08-24 14:19 - 2015-08-24 14:19 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-08-24 14:19 - 2015-08-24 14:19 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2015-08-24 14:19 - 2015-08-24 14:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-24 14:18 - 2015-08-24 14:18 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-08-22 16:41 - 2015-08-10 23:52 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-08-22 16:37 - 2015-08-22 16:37 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-08-21 15:41 - 2015-08-22 16:23 - 00000000 ____D C:\Users\Blake\AppData\Local\lptmp327493631
2015-08-21 15:40 - 2015-09-13 10:15 - 00000000 ____D C:\ProgramData\WRData
2015-08-21 15:40 - 2015-09-11 21:44 - 00168720 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-08-21 15:40 - 2015-09-11 21:44 - 00117792 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-08-21 15:40 - 2015-09-11 21:44 - 00106944 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-08-21 15:40 - 2015-09-11 21:44 - 00000795 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-08-21 15:40 - 2015-09-04 09:47 - 00043600 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-08-21 15:40 - 2015-08-21 15:40 - 00000000 ____D C:\Program Files\Webroot
2015-08-21 15:38 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-08-21 14:23 - 2015-08-21 14:23 - 00000000 ____D C:\Users\Blake\Documents\Elder Scrolls Online
2015-08-21 14:23 - 2015-08-21 14:23 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2015-08-21 13:44 - 2015-08-21 13:44 - 00000000 ____D C:\Users\Blake\AppData\Local\Logitech
2015-08-21 13:44 - 2015-08-21 13:44 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-21 13:39 - 2015-08-25 01:10 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-08-21 13:39 - 2015-08-25 01:10 - 00000776 _____ C:\Windows\LkmdfCoInst.log
2015-08-21 13:39 - 2015-08-21 13:40 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-08-21 13:39 - 2015-08-21 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-21 13:38 - 2015-08-21 13:38 - 00000000 ____D C:\Users\Blake\AppData\Roaming\Logitech
2015-08-21 13:38 - 2015-08-21 13:38 - 00000000 ____D C:\Users\Blake\AppData\Roaming\Logishrd
2015-08-21 08:50 - 2015-08-24 00:44 - 00000000 ____D C:\Users\Blake\AppData\Local\Comms
2015-08-21 08:19 - 2015-08-21 08:19 - 00001698 _____ C:\Users\Blake\Desktop\The Elder Scrolls Online.lnk
2015-08-21 08:19 - 2015-08-21 08:19 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2015-08-21 08:19 - 2015-08-21 08:19 - 00000000 ____D C:\Windows\jre
2015-08-21 08:11 - 2015-08-21 08:11 - 00000000 ___HD C:\Users\Blake\InstallAnywhere
2015-08-21 08:10 - 2015-08-21 08:10 - 00009971 _____ C:\Windows\DirectX.log
2015-08-21 08:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-08-21 08:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-08-21 08:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-08-21 08:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-08-21 08:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-08-21 08:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-08-21 08:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-08-21 08:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-08-21 08:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-08-21 08:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-08-21 08:10 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-08-21 08:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-08-21 08:10 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-08-21 08:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-08-21 08:10 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-08-21 08:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-08-21 08:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-08-21 08:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-08-21 08:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-08-21 08:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-08-21 08:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-08-21 08:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-08-21 08:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-08-21 08:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-08-21 08:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-08-21 08:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-08-21 08:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-08-21 08:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-08-21 08:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-08-21 08:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-08-21 08:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-08-21 08:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-08-21 08:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-08-21 08:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-08-21 08:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-08-21 08:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-08-21 08:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-08-21 08:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-08-21 08:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-08-21 08:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-08-21 08:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-08-21 08:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-08-21 08:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-08-21 08:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-08-21 08:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-08-21 08:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-08-21 08:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-08-21 08:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-08-21 08:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-08-21 08:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-08-21 08:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-08-21 08:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-08-21 08:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-08-21 08:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-08-21 08:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-08-21 08:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-08-21 08:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-08-21 08:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-08-21 08:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-08-21 08:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-08-21 08:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-08-21 08:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-08-21 08:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-08-21 08:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-08-21 08:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-08-21 08:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-08-21 08:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-08-21 08:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-08-21 08:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-08-21 08:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-08-21 08:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-08-21 08:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-08-21 08:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-08-21 08:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-08-21 08:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-08-21 08:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-08-21 08:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-08-21 08:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-08-21 08:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-08-21 08:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-08-21 08:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-08-21 08:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-08-21 08:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-08-21 08:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-08-21 08:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-08-21 08:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-08-21 08:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-08-21 08:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-08-21 08:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-08-21 08:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-08-21 08:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-08-21 08:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-08-21 08:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-08-21 08:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-08-21 08:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-08-21 08:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-08-21 08:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-08-21 08:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-08-21 08:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-08-21 08:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-08-21 08:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-08-21 08:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-08-21 08:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-08-21 08:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-08-21 08:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-08-21 08:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-08-21 08:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-08-21 08:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-08-21 08:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-08-21 08:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-08-21 08:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-08-21 08:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-08-21 08:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-08-21 08:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-08-21 08:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-08-21 08:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-08-21 08:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-08-21 08:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Blake\AppData\Local\NetworkTiles
2015-08-21 07:24 - 2015-08-21 07:24 - 00000000 ____D C:\Users\Blake\AppData\Roaming\hpqLog
2015-08-21 01:46 - 2015-08-21 15:31 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-08-20 22:52 - 2015-08-20 22:52 - 00000222 _____ C:\Users\Blake\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
2015-08-20 22:45 - 2015-09-08 23:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-20 22:45 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-20 22:44 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 22:44 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-08-20 22:44 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 22:44 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-08-20 22:44 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-08-20 22:44 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2015-08-20 22:44 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-20 22:44 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-08-20 22:44 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-20 22:44 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-08-20 22:44 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-08-20 22:44 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-08-20 22:44 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2015-08-20 22:44 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-20 22:44 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-08-20 22:44 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-20 22:44 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-08-20 22:44 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-08-20 22:44 - 2015-08-11 04:11 - 02446336 _____ C:\Windows\system32\InputService.dll
2015-08-20 22:44 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-08-20 22:44 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-20 22:44 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-08-20 22:44 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-08-20 22:44 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-08-20 22:44 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-08-20 22:44 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-08-20 22:44 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-08-20 22:44 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-20 22:44 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-08-20 22:44 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-20 22:44 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-20 22:44 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-08-20 22:44 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-20 22:44 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-20 22:44 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-08-20 22:44 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-08-20 22:44 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-08-20 22:44 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-20 22:44 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-20 22:44 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2015-08-20 22:44 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-08-20 22:44 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-08-20 22:44 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-20 22:44 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-20 22:44 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 19:18 - 2015-08-04 07:50 - 03351864 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-20 19:16 - 2015-07-13 11:28 - 00000000 ___HD C:\SYSTEM.SAV
2015-08-20 19:13 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\restore
2015-08-17 18:30 - 2015-08-04 07:51 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-08-17 18:30 - 2015-08-04 07:51 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-08-17 18:29 - 2015-08-04 07:51 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-08-17 18:29 - 2015-08-04 07:51 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======
 
2015-08-21 15:41 - 2015-08-21 15:41 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
 
Some files in TEMP:
====================
C:\Users\Blake\AppData\Local\Temp\DJAPI.dll
C:\Users\Blake\AppData\Local\Temp\SetupO365ProPlusRetail.x86.en-US_O365ProPlusRetail_Q44Y6-JN77K-R3M89-3MDHR-BY222_act_1_.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-09-05 16:32
 
==================== End of FRST.txt ============================

And Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-09-2015
Ran by Blake (2015-09-13 10:16:49)
Running from C:\Users\Blake\Desktop
Windows 10 Home (X64) (2015-08-21 00:14:11)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-2076916756-1397175388-459278013-500 - Administrator - Disabled)
Blake (S-1-5-21-2076916756-1397175388-459278013-1001 - Administrator - Enabled) => C:\Users\Blake
DefaultAccount (S-1-5-21-2076916756-1397175388-459278013-503 - Limited - Disabled)
Guest (S-1-5-21-2076916756-1397175388-459278013-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{4d4a045b-9761-43d2-811c-1c29cbdb7459}) (Version: 18.12.0000.3040 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® WiDi (HKLM\...\{76FAF7E1-52D0-49F7-A627-E78303F9C7EF}) (Version: 6.0.39.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-2076916756-1397175388-459278013-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls Online: Tamriel Unlimited (HKLM-x32\...\Steam App 306130) (Version:  - Zenimax Online Studios)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.3.37 - Webroot)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076916756-1397175388-459278013-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Blake\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
20-08-2015 19:13:30 Windows Modules Installer
27-08-2015 18:41:46 Windows Update
27-08-2015 18:43:02 Windows Update
05-09-2015 17:08:30 Scheduled Checkpoint
08-09-2015 22:55:51 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {10E95912-AEDE-476C-B12D-22DD18896694} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3338B320-F270-43ED-98AF-D0F743150A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-08-25] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {49261B59-F05D-417F-B3A6-FD745D44B1AA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {4C3D7301-C67D-469F-AB68-54E9A98EF5A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {5287DAA3-609B-4860-BFDE-8B4479DB37D2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {5A8E3538-2506-4419-8B37-BDD0B62F825D} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {6284CB61-24EA-4BA6-A94E-3497B95F0CFD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {6EB4C55D-D85D-416B-B448-E598B35E038B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {722D8B20-4AA7-43A5-BD70-F2CEDA87DB36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {832F48E2-DA4D-4C5C-837B-5BAA0643CE0C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-25] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-04] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D3A466BC-8C17-41D5-9B48-E29BBC8DC36C} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {E1276B4B-E678-4562-B8F2-84C8625EA176} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-08-25] (Microsoft Corporation)
Task: {ECC0A0DB-3365-48F0-8CA9-65A61EE47CD2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

==================== Loaded Modules (Whitelisted) ==============
 
2015-08-04 08:24 - 2015-08-04 08:24 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-08-20 22:43 - 2015-08-11 04:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-08-25 03:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-04 07:51 - 2015-07-22 20:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-28 14:18 - 2015-08-18 02:56 - 02498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-08-28 14:18 - 2015-08-18 02:56 - 02498808 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-08-25 13:33 - 2015-08-25 13:33 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-20 22:44 - 2015-08-02 20:11 - 06569472 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:15 - 00471040 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-20 22:44 - 2015-08-11 03:58 - 01808384 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-20 22:44 - 2015-08-02 20:09 - 02274816 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-01 19:28 - 2015-07-01 19:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-01 19:28 - 2015-07-01 19:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-08-04 07:51 - 2015-08-17 18:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hewlett-packard backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2648AFDE-A8B2-4262-A679-DD08FC950732}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F52E827B-D756-4AED-A643-608A07EE3E4B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3FF1832F-D713-4B87-89AD-9634D58DE1A4}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{99FF3F1F-8F24-4F71-8B24-52929A813819}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8B97AB72-6F19-4B4E-A1AF-1D8ECBC7791D}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{F1E6A674-48DB-4A82-8039-C562F0DA7E73}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{17A09B45-5196-4EFA-9716-787F4C48D07E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{CE00D906-7AE5-443A-A049-9751D4FB6195}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{318B2868-8F7D-4618-8301-CD2DF81E41BB}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{9639C612-90D7-446D-9064-84BB4808B54A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C271986F-4B72-40DA-88CE-36A69D334575}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11D30776-0A43-4498-A81F-2218235DD459}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF9CD5F5-3C6C-43CE-88FA-DD2DD9E54B32}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0EFF36CA-3663-450B-B511-19BC1928AC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{F12F9217-3E2D-4C9E-93D2-16CAC27E43E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{6E827B2B-AFA5-44BF-B512-BD14EC34A350}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6375C1B8-E33F-4AA3-86C0-2DE7D9353FFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EBF793D8-F9B2-4502-B942-BCC804C2D1C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{780FFF00-137F-4DBA-BBD6-2C79EAE80CA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{79BFA8E1-441D-4430-A5AC-AFBDB20AFFEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{830BC034-80AF-45B0-A000-545C62A6E77A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9BC3772F-4265-47C5-BF2C-282F5C73C6A7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F078D680-A4F5-4CDC-BF27-5641301A45B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D183A2FD-B7FB-4B57-9AE1-A1FF94D24579}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{147664D5-9509-48D0-AAD7-AC1C26124600}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2015 10:09:59 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 08:58:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LicenseManager, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000008
Fault offset: 0x00000000000954ba
Faulting process id: 0x1cc
Faulting application start time: 0xsvchost.exe_LicenseManager0
Faulting application path: svchost.exe_LicenseManager1
Faulting module path: svchost.exe_LicenseManager2
Report Id: svchost.exe_LicenseManager3
Faulting package full name: svchost.exe_LicenseManager4
Faulting package-relative application ID: svchost.exe_LicenseManager5
 
Error: (09/12/2015 08:57:31 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 06:52:35 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 06:35:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4VS0I2R)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/12/2015 06:06:28 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 03:28:59 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/11/2015 10:37:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4VS0I2R)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/11/2015 09:36:33 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/10/2015 06:27:45 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 

System errors:
=============
Error: (09/12/2015 11:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/12/2015 11:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/12/2015 11:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/12/2015 11:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/12/2015 09:00:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:
%%1056
 
Error: (09/12/2015 08:59:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/12/2015 08:59:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/12/2015 08:59:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/12/2015 08:59:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/12/2015 08:59:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 

Microsoft Office:
=========================
Error: (09/13/2015 10:09:59 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 08:58:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LicenseManager10.0.10240.16384559f38cbntdll.dll10.0.10240.1643055c59f92c000000800000000000954ba1cc01d0e614a7ea1eb2C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1fe7b10a-84d5-44ca-a22b-28a72229989e
 
Error: (09/12/2015 08:57:31 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 06:52:35 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 06:35:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4VS0I2R)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/12/2015 06:06:28 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2015 03:28:59 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/11/2015 10:37:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-4VS0I2R)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/11/2015 09:36:33 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/10/2015 06:27:45 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16299.39 MB
Available physical RAM: 13785.38 MB
Total Virtual: 18731.39 MB
Available Virtual: 16157.78 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:915.77 GB) (Free:773.9 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9071B490)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:04:47 PM

Posted 13 September 2015 - 03:10 PM

Hi,

 

Happens to the best of us. :P

 

The good news is you don't seem to be terribly infested by baddies. Nevertheless, there are a few things I'll be cleaning up with the following script.

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2076916756-1397175388-459278013-1001 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
    C:\Program Files (x86)\Common Files\wruninstall.exe
    C:\Windows\Temp\DPTF
    C:\Users\Blake\Downloads\Support-LogMeInRescue.exe
    C:\Users\Blake\Downloads\mbam-setup-2.1.8.1057.exe
    C:\Users\Blake\Downloads\TeamSpeak3-Client-win64-3.0.17.exe
    C:\Users\Blake\Downloads\LGS_8.72.98_x64_Logitech.exe
    C:\Users\Blake\Downloads\G602Flash.exe
    C:\Users\Blake\Downloads\Gw2Setup.exe
    C:\Users\Blake\AppData\Local\lptmp327493631
    C:\Windows\System32\Tasks\McAfee
    C:\ProgramData\mcafee
    C:\ProgramData\Temp
    C:\ProgramData\SUPPORTDIR
    C:\Users\Blake\AppData\Local\Temp\DJAPI.dll
    C:\Users\Blake\AppData\Local\Temp\SetupO365ProPlusRetail.x86.en-US_O365ProPlusRetail_Q44Y6-JN77K-R3M89-3MDHR-BY222_act_1_.exe
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
    Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

How'd that go? Any changes to your PC now?
 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 GenericDNA


Posted 13 September 2015 - 05:34 PM

Glad to know it's not a terrible disaster. Okay. I ran the fix and rebooted when it asked me to. Everything seems to have worked out fine.

 

Fixlog.txt -

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by Blake (2015-09-13 17:13:20) Run:1
Running from C:\Users\Blake\Desktop
Loaded Profiles: Blake (Available Profiles: Blake)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2076916756-1397175388-459278013-1001 -> {A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
C:\Program Files (x86)\Common Files\wruninstall.exe
C:\Windows\Temp\DPTF
C:\Users\Blake\Downloads\Support-LogMeInRescue.exe
C:\Users\Blake\Downloads\mbam-setup-2.1.8.1057.exe
C:\Users\Blake\Downloads\TeamSpeak3-Client-win64-3.0.17.exe
C:\Users\Blake\Downloads\LGS_8.72.98_x64_Logitech.exe
C:\Users\Blake\Downloads\G602Flash.exe
C:\Users\Blake\Downloads\Gw2Setup.exe
C:\Users\Blake\AppData\Local\lptmp327493631
C:\Windows\System32\Tasks\McAfee
C:\ProgramData\mcafee
C:\ProgramData\Temp
C:\ProgramData\SUPPORTDIR
C:\Users\Blake\AppData\Local\Temp\DJAPI.dll
C:\Users\Blake\AppData\Local\Temp\SetupO365ProPlusRetail.x86.en-US_O365ProPlusRetail_Q44Y6-JN77K-R3M89-3MDHR-BY222_act_1_.exe
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
*****************
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2076916756-1397175388-459278013-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2}" => key removed successfully
HKCR\Wow6432Node\CLSID\{A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} => key not found.
"HKU\S-1-5-21-2076916756-1397175388-459278013-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2}" => key removed successfully
HKCR\CLSID\{A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
wfpcapture => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk => moved successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
 
"C:\Windows\Temp\DPTF" folder move:
 
Could not move "C:\Windows\Temp\DPTF" => Scheduled to move on reboot.
 
C:\Users\Blake\Downloads\Support-LogMeInRescue.exe => moved successfully
C:\Users\Blake\Downloads\mbam-setup-2.1.8.1057.exe => moved successfully
C:\Users\Blake\Downloads\TeamSpeak3-Client-win64-3.0.17.exe => moved successfully
C:\Users\Blake\Downloads\LGS_8.72.98_x64_Logitech.exe => moved successfully
C:\Users\Blake\Downloads\G602Flash.exe => moved successfully
C:\Users\Blake\Downloads\Gw2Setup.exe => moved successfully
C:\Users\Blake\AppData\Local\lptmp327493631 => moved successfully
C:\Windows\System32\Tasks\McAfee => moved successfully
C:\ProgramData\mcafee => moved successfully
C:\ProgramData\Temp => moved successfully
C:\ProgramData\SUPPORTDIR => moved successfully
C:\Users\Blake\AppData\Local\Temp\DJAPI.dll => moved successfully
C:\Users\Blake\AppData\Local\Temp\SetupO365ProPlusRetail.x86.en-US_O365ProPlusRetail_Q44Y6-JN77K-R3M89-3MDHR-BY222_act_1_.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008C-0000-0000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008F-0000-1000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008C-0409-0000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent => value removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-13 17:27:39)<=
 
"C:\Windows\Temp\DPTF" => Could not move
 
==== End of Fixlog 17:27:42 ====
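
A way to triage a Fixlog.txt like the one posted above, as an added example that is not part of the thread and not FRST's own code: it reads the `item => result` lines, keeps the last result seen for each item (so an entry deferred to reboot is reconciled with the post-reboot section), and lists what still needs attention. The status names and function names are this example's assumptions, derived only from the wording visible in this log.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog.txt posted in this thread
# (shortened; the header and the echoed fixlist content are left out).
FIXLOG_EXCERPT = r'''
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKCR\Wow6432Node\CLSID\{A591A663-DF8A-4FFD-AFFF-D7B0EFF732B2} => key not found.
"HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
wfpcapture => service removed successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully

"C:\Windows\Temp\DPTF" folder move:

Could not move "C:\Windows\Temp\DPTF" => Scheduled to move on reboot.

C:\Users\Blake\Downloads\Support-LogMeInRescue.exe => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-13 17:27:39)<=

"C:\Windows\Temp\DPTF" => Could not move

==== End of Fixlog 17:27:42 ====
'''

# Status buckets are this example's own reading of the result wording seen in
# the thread's log; they are not an official list of FRST result strings.
# Order matters: the first matching rule wins.
RULES = [
    (re.compile(r"could not move", re.I), "failed"),
    (re.compile(r"scheduled to move on reboot", re.I), "pending"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"successfully$", re.I), "done"),
]


def classify(result):
    """Map the text to the right of ' => ' onto one status bucket."""
    for pattern, status in RULES:
        if pattern.search(result):
            return status
    return "other"


def parse_fixlog(text):
    """Return {item: final_status}; a later line for the same item wins."""
    final = {}
    for raw in text.splitlines():
        item, sep, result = raw.partition(" => ")
        if not sep:
            continue  # header, blank line, section title, or the "<=" banner
        item = item.strip()
        # 'Could not move "X" => Scheduled ...' names the item after a prefix.
        item = re.sub(r"^Could not move\s+", "", item).strip('"')
        final[item] = classify(result.strip().rstrip("."))
    return final


def summarize(final):
    """Count items per final status."""
    return dict(Counter(final.values()))


def needs_follow_up(final):
    """Items whose last recorded result is not a success or a no-op."""
    return sorted(i for i, s in final.items()
                  if s in ("failed", "pending", "other"))


if __name__ == "__main__":
    final = parse_fixlog(FIXLOG_EXCERPT)
    print(summarize(final))
    for item in needs_follow_up(final):
        print("follow up:", item, "->", final[item])
```

Run against the log in this post, the only item left for follow-up is `C:\Windows\Temp\DPTF`, which was scheduled to move on reboot and then still could not be moved.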


#6 Gunto


Posted 14 September 2015 - 06:04 AM

Hi,

 

Excellent. Now then, assuming you are not having any further issues, these next steps will simply entail a basic checkup and some tidying up. :)

 

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware to check for any leftover infections.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Gunto




#7 GenericDNA


Posted 15 September 2015 - 01:23 PM

I think I might be home free. Malwarebytes said zero threats found.

Here's the scan log -

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2015
Scan Time: 11:02 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.15.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Blake

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 613731
Time Elapsed: 1 hr, 49 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 Gunto


Posted 16 September 2015 - 07:53 AM

Hi,

 

Awesome! :thumbup2: Now then...

 

Congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help keep you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if they have an attachment. Files (especially those with a .bat, .com, .exe and .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto




#9 GenericDNA


Posted 20 September 2015 - 04:21 PM

I've tried to run DelFix but my antivirus keeps shutting it down. Now I can't even put it on my desktop. It says I need admin permission (which I thought I was an admin). Any thoughts on the matter?



#10 Gunto


Posted 20 September 2015 - 05:12 PM

Hi,

 

Sounds as though Webroot is identifying DelFix as a false positive. Try disabling it before downloading DelFix, then re-enable it when you're done running it. Does it work now?

 

Gunto




#11 GenericDNA


Posted 21 September 2015 - 05:02 AM

Okay. So I wasn't able to find WebRoot ANYWHERE to disable it. I had to actually delete it to be able to run DelFix. I'm going to try and re-download WebRoot again (only reason I was using it was because it came with the new PC). If for some reason that doesn't work, do you have any other recommendations for a solid cheap/free antivirus? I'm keeping m-bam, as I love it to death.

 

FileHippo downloaded with no problems, but now I'm wondering about the suggested programs on FileHippo's download page; things like Defraggler, SpeedFan, UltraDefrag, etc. Is there any use in using these? I'd like to keep my PC safe, clean, and running smoothly. All I do on this PC is use the internet for research, Microsoft Word for research papers, and a handful of Steam games. I think my malware issue came from typing in something like "youtbue.com" instead of "youtube.com".

 

Again, thank you so much for the help throughout this mess.



#12 Gunto


Posted 21 September 2015 - 02:47 PM

Hi,

 

That is quite unusual. :o

 

I use and recommend Avast! as an AV. It's got a great free version that is, thus far, the best antivirus program I've used. I'd say the biggest downside is that it sometimes nags you to buy the paid version, but you can easily close the ads, or enable silent/gaming mode (although this also turns off regular notifications). This isn't really a problem for me, but I figured I'd inform you. :)

 

I wouldn't say you need any external defragmentation program, because Windows has one built-in. SpeedFan may be of use to you if your gaming habits strain your computer and make it very hot, but otherwise I wouldn't bother. With a good antivirus, MBAM, regular updating and a good head on your shoulders, you should be good to go. My only other recommendation would be to use CCleaner to clean out your temporary files about once a week (or more if you want; I myself use it daily). This will clear out quite a bit of space, and may even improve your performance if you have an excessive amount of temporary files being loaded at once.

 

And you are very welcome. The pleasure is all mine. :thumbsup:

 

Gunto




#13 Gunto


Posted 24 September 2015 - 06:28 PM

Hi,

 

Still with me?

 

Gunto




#14 Gunto


Posted 26 September 2015 - 08:11 PM

This topic is now locked due to the lack of feedback.

If you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






