1. #1

    Malware corruption of Microsoft Edge

    It appears I have a problem with Microsoft Edge.

    I have gone through an extensive cleaning and fixing of a highly corrupted file system. I was working with Aura to try to reset MS Edge using some PowerShell commands. Upon completion, when I tried to run Edge, Windows Defender detected a trojan process running. Scanned immediately and cleaned up more malware - suspect something I don't want is running and unloading payloads when I attempt to use Edge.

    Scans are currently clear on Malwarebytes, Windows Defender and several other tools.



  2. #2
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 8,972

    Re: Malware corruption of Microsoft Edge

    Hi, Sezneg. Please provide the logs as requested in this topic: Malware Removal Posting Instructions.

    Thank you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Malware corruption of Microsoft Edge

    FRST64:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
    Ran by Matthew (administrator) on SEZNEG (15-05-2016 15:25:11)
    Running from C:\Users\Matthew\Desktop
    Loaded Profiles: Matthew (Available Profiles: Matthew)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
    (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
    (Akamai Technologies, Inc.) C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (mIRC Co. Ltd.) A:\MIRC\mirc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe




    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
    HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-05-06] ()
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{0668c7db-00d9-4962-9556-36908d75d5c0}: [DhcpNameServer] 192.168.2.1


    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> A:\Game Storage\Arc\Plugins\ArcPluginIE.dll [2015-11-19] (Perfect World Entertainment Inc)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)


    FireFox:
    ========
    FF Plugin-x32: @adobe.com/FlashPlayer -> A:\Game Storage\Arc\plugins\NPSWF32.dll [2015-09-15] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> A:\Game Storage\Arc\Plugins\npArcPluginFF.dll [2015-11-19] (Perfect World Entertainment Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin HKU\S-1-5-21-1814717882-3326078079-3800742243-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
    FF Plugin HKU\S-1-5-21-1814717882-3326078079-3800742243-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2016-02-25] (Torrents Time)


    Chrome:
    =======
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=G51zftpbl0cshmoAO,e8dc923b-a1d1-44d6-945d-a516a3b975e9,&prd=smw&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
    CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]


    ==================== Services (Whitelisted) ========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 ArcService; A:\Game Storage\Arc\ArcService.exe [88400 2015-11-19] (Perfect World Entertainment Inc)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-22] (BitRaider, LLC)
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-28] (BitRaider, LLC)
    R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
    R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3312152 2016-03-02] (TorrentsTime)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    U0 ivecoaba; C:\Windows\System32\drivers\uskwaavu.sys [79064 2016-05-13] (Malwarebytes)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
    R3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
    R3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
    R3 SaiK1713; C:\Windows\system32\DRIVERS\SaiK1713.sys [180544 2012-09-20] (Saitek)
    R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2014-11-04] (Saitek)
    R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51488 2014-11-04] (Saitek)
    R3 SaiU1713; C:\Windows\System32\drivers\SaiU1713.sys [47168 2012-09-20] (Saitek)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33592 2014-11-21] (Synaptics Incorporated)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-05-15 15:25 - 2016-05-15 15:25 - 00017732 _____ C:\Users\Matthew\Desktop\FRST.txt
    2016-05-15 15:25 - 2016-05-15 15:25 - 00000000 ____D C:\Users\Matthew\Desktop\FRST-OlderVersion
    2016-05-15 13:06 - 2016-05-15 13:06 - 00000000 ___HD C:\OneDriveTemp
    2016-05-13 03:05 - 2016-05-13 03:05 - 00002092 _____ C:\Users\Matthew\Desktop\Rkill.txt
    2016-05-13 00:22 - 2016-05-13 00:22 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\uskwaavu.sys
    2016-05-10 21:12 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-10 21:12 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-05-10 21:12 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-10 21:12 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-10 21:12 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-10 21:12 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-10 21:12 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-10 21:12 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-10 21:12 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-10 21:12 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-10 21:12 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-10 21:12 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-10 21:12 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-05-10 21:12 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-05-10 21:12 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-05-10 21:12 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-10 21:12 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-10 21:12 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-10 21:12 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-10 21:12 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-10 21:12 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-10 21:12 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-10 21:12 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-05-10 21:12 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-05-10 21:12 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-05-10 21:12 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-10 21:12 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-10 21:12 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-10 21:12 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-10 21:12 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-10 21:12 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-10 21:12 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-05-10 21:12 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-10 21:12 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-10 21:12 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-05-10 21:12 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-05-10 21:12 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-05-10 21:12 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-05-10 21:12 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-10 21:12 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-05-10 21:12 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-10 21:12 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-05-10 21:12 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-10 21:12 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-10 21:12 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-10 21:12 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-10 21:12 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-05-10 21:12 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-10 21:12 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-05-10 21:12 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-10 21:12 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-05-10 21:12 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-10 21:12 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-10 21:12 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-10 21:12 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-10 21:12 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-05-10 21:12 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-05-10 21:12 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-10 21:12 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-05-10 21:12 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-10 21:12 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-10 21:12 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-10 21:12 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-10 21:12 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-10 21:12 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-10 21:12 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-10 21:12 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-10 21:12 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-05-10 21:12 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-10 21:12 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-10 21:12 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-10 21:12 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-05-10 21:12 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-10 21:12 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-10 21:12 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-10 21:12 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-10 21:12 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-10 21:12 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-10 21:12 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-10 21:12 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-10 21:12 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-05-10 21:12 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-10 21:12 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-10 21:12 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-10 21:12 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-05-10 21:12 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-10 21:12 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-10 21:12 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-10 21:12 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-10 21:12 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-10 21:12 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-10 21:12 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-10 21:12 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-10 21:12 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-05-10 21:12 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-10 21:12 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-10 21:12 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-05-10 21:12 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-05-10 21:12 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-10 21:12 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-10 21:12 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-10 21:12 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-10 21:12 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-10 21:12 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-10 21:12 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-05-10 21:12 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-10 21:12 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-10 21:12 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-05-10 21:12 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-10 21:12 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-10 21:12 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-05-10 21:12 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-05-10 21:12 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-05-10 21:12 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-10 21:12 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-05-10 21:12 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-05-10 21:12 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-05-10 21:12 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-05-10 21:12 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-05-10 21:12 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-05-10 21:12 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-05-10 21:12 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-05-10 21:12 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-10 21:12 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-05-10 21:12 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-05-10 21:12 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-05-10 21:12 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-10 21:12 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-05-10 21:12 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-10 21:12 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-05-10 21:12 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-10 21:12 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-05-10 21:12 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-05-10 21:12 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-05-10 21:12 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-10 21:12 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-10 21:12 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-10 21:12 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-10 21:12 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-10 21:12 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-05-10 21:12 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-10 21:11 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-10 21:11 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-10 21:11 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-10 21:11 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-05-10 21:11 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-05-10 21:11 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-10 21:11 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-10 21:11 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-10 21:11 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-10 21:11 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-10 21:11 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-10 21:11 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-10 21:11 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-10 21:11 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-05-10 21:11 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-10 21:11 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-10 21:11 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-05-10 21:11 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-05-10 21:11 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-05-10 21:11 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-10 21:11 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-10 21:11 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-05-10 21:11 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-05-10 21:11 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-10 21:11 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-05-10 21:11 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-05-10 21:11 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-10 21:11 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-05-10 21:11 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-10 21:11 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-05-10 21:11 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-05-10 21:11 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-10 21:11 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-05-10 21:11 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-05-10 21:11 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-10 21:11 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-05-10 21:11 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-05-10 21:11 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-10 21:11 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-05-09 20:46 - 2016-05-09 20:46 - 62944535 _____ C:\Users\Matthew\Downloads\Comraich-V3-Beta (1).zip
    2016-05-07 22:15 - 2016-05-07 22:18 - 02884096 _____ (niemiro) C:\Users\Matthew\Desktop\SFCFix (1).exe
    2016-05-07 22:09 - 2016-05-07 22:09 - 00018401 _____ C:\Users\Matthew\Desktop\SFCFix.zip
    2016-05-07 16:39 - 2016-05-07 22:44 - 17195182 _____ C:\Users\Matthew\Desktop\cbs.txt
    2016-05-06 11:56 - 2016-05-06 11:56 - 00024260 _____ C:\Users\Matthew\Downloads\PostChatSurvey (2).csv
    2016-05-06 11:53 - 2016-05-06 11:53 - 00024260 _____ C:\Users\Matthew\Downloads\PostChatSurvey.csv
    2016-05-06 11:53 - 2016-05-06 11:53 - 00024260 _____ C:\Users\Matthew\Downloads\PostChatSurvey (1).csv
    2016-05-05 21:29 - 2016-05-05 21:32 - 00000000 ____D C:\Users\Matthew\Desktop\Autoruns
    2016-05-05 10:23 - 2016-05-05 10:23 - 00448512 _____ (OldTimer Tools) C:\Users\Matthew\Desktop\TFC.exe
    2016-05-05 00:38 - 2016-05-05 00:38 - 02870984 _____ (ESET) C:\Users\Matthew\Downloads\esetsmartinstaller_enu (1).exe
    2016-05-04 23:21 - 2016-05-04 23:21 - 62944535 _____ C:\Users\Matthew\Downloads\Comraich-V3-Beta.zip
    2016-05-04 23:05 - 2016-05-04 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
    2016-05-04 23:03 - 2016-05-04 23:05 - 02870984 _____ (ESET) C:\Users\Matthew\Downloads\esetsmartinstaller_enu.exe
    2016-05-04 19:53 - 2016-05-04 19:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-05-04 10:07 - 2016-05-04 10:07 - 00002492 _____ C:\Users\Matthew\Desktop\quarantine.txt
    2016-05-03 22:26 - 2016-05-03 22:26 - 00001281 _____ C:\Users\Matthew\Desktop\AdwCleaner[C2].txt
    2016-05-03 22:23 - 2016-05-03 22:23 - 01610816 _____ (Malwarebytes) C:\Users\Matthew\Downloads\JRT.exe
    2016-05-03 22:22 - 2016-05-13 03:07 - 00000556 _____ C:\Users\Matthew\Desktop\JRT.txt
    2016-05-03 22:20 - 2016-05-03 22:20 - 01610816 _____ (Malwarebytes) C:\Users\Matthew\Desktop\JRT.exe
    2016-05-02 22:23 - 2016-05-02 22:23 - 00031754 _____ C:\Users\Matthew\Desktop\MTB.txt
    2016-05-02 22:22 - 2016-05-02 22:22 - 00891392 _____ (Farbar) C:\Users\Matthew\Desktop\MiniToolBox.exe
    2016-05-02 02:14 - 2016-05-02 02:14 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Steam
    2016-05-02 02:14 - 2016-05-02 02:14 - 00000000 ____D C:\Users\Matthew\AppData\Local\UnrealEngine
    2016-05-01 21:42 - 2016-05-07 22:18 - 00057290 _____ C:\Users\Matthew\Desktop\SFCFix.txt
    2016-05-01 21:42 - 2016-05-07 22:18 - 00000000 ____D C:\SFCFix
    2016-05-01 21:36 - 2016-05-07 22:18 - 00000000 ____D C:\Users\Matthew\AppData\Local\niemiro
    2016-05-01 21:14 - 2016-05-01 21:14 - 18447464 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\MediaCreationTool.exe
    2016-05-01 21:14 - 2016-05-01 21:14 - 00000000 ___HD C:\$Windows.~WS
    2016-05-01 20:51 - 2016-05-01 21:26 - 00000000 ___DC C:\WINDOWS\Panther
    2016-05-01 20:50 - 2016-05-01 20:50 - 00000000 ____D C:\Windows.old
    2016-05-01 20:49 - 2016-05-01 20:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-05-01 20:49 - 2016-05-01 20:49 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-05-01 20:49 - 2016-05-01 20:49 - 00000000 ____D C:\Program Files\MSBuild
    2016-05-01 20:49 - 2016-05-01 20:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-05-01 20:49 - 2016-05-01 20:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-05-01 20:49 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-05-01 20:49 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-05-01 20:49 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-05-01 20:49 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-05-01 20:49 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-05-01 20:49 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-05-01 20:14 - 2016-05-01 20:14 - 00000000 __SHD C:\found.000
    2016-05-01 20:03 - 2016-05-15 15:24 - 00000000 ____D C:\Users\Matthew\Desktop\New folder
    2016-05-01 19:50 - 2016-05-01 20:22 - 00000000 _____ C:\Recovery.txt
    2016-05-01 19:49 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-05-01 19:49 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2016-05-01 19:49 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-05-01 19:49 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-05-01 19:49 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-05-01 19:49 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-05-01 19:49 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-05-01 19:49 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-05-01 19:49 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-05-01 19:49 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-05-01 19:49 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 19:49 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-05-01 19:49 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-05-01 19:49 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-05-01 19:49 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2016-05-01 19:49 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2016-05-01 19:49 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2016-05-01 19:49 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-05-01 19:49 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-05-01 19:49 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-05-01 19:49 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-05-01 19:49 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2016-05-01 19:49 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-05-01 19:49 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-05-01 19:49 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-05-01 19:49 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-05-01 19:49 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-05-01 19:49 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-05-01 19:49 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
    2016-05-01 19:49 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
    2016-05-01 19:49 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
    2016-05-01 19:49 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-05-01 19:49 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2016-05-01 19:49 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
    2016-05-01 19:49 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-05-01 19:49 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
    2016-05-01 19:49 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-05-01 19:49 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-05-01 19:49 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
    2016-05-01 19:49 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
    2016-05-01 19:49 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-05-01 19:49 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
    2016-05-01 19:49 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2016-05-01 19:49 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-05-01 19:49 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
    2016-05-01 19:49 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-05-01 19:49 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-05-01 19:49 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-05-01 19:49 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-05-01 19:49 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-05-01 19:49 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-05-01 19:49 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2016-05-01 19:49 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-05-01 19:49 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2016-05-01 19:49 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-05-01 19:49 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-05-01 19:49 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-05-01 19:49 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2016-05-01 19:49 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-05-01 19:49 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2016-05-01 19:49 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-05-01 19:49 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-05-01 19:49 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-05-01 19:49 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2016-05-01 19:49 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-05-01 19:49 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
    2016-05-01 19:49 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-05-01 19:49 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2016-05-01 19:49 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-05-01 19:49 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2016-05-01 19:49 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-05-01 19:49 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-05-01 19:49 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-05-01 19:49 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-05-01 19:49 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-05-01 19:49 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-05-01 19:49 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2016-05-01 19:49 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-05-01 19:49 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2016-05-01 19:49 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-05-01 19:49 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2016-05-01 19:49 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2016-05-01 19:49 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-05-01 19:49 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-05-01 19:49 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2016-05-01 19:49 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
    2016-05-01 19:49 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-05-01 19:49 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-05-01 19:49 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-05-01 19:49 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-05-01 19:49 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-05-01 19:49 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
    2016-05-01 19:49 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-05-01 19:49 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
    2016-05-01 19:49 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2016-05-01 19:49 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
    2016-05-01 19:49 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-05-01 19:49 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
    2016-05-01 19:49 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2016-05-01 19:49 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2016-05-01 19:49 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2016-05-01 19:49 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
    2016-05-01 19:49 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-05-01 19:49 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-05-01 19:49 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2016-05-01 19:49 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-05-01 19:49 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2016-05-01 19:49 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-05-01 19:49 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-05-01 19:49 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-05-01 19:49 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-05-01 19:49 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-05-01 19:49 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-05-01 19:49 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-05-01 19:49 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-05-01 19:49 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-05-01 19:49 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-05-01 19:49 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-05-01 19:49 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
    2016-05-01 19:49 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-05-01 19:49 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-05-01 19:49 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2016-05-01 19:49 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2016-05-01 19:49 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2016-05-01 19:49 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-05-01 19:49 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-05-01 19:49 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-05-01 19:49 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2016-05-01 19:49 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-05-01 19:49 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-05-01 19:49 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-05-01 19:49 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-05-01 19:49 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2016-05-01 19:49 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-05-01 19:49 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-05-01 19:49 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-05-01 19:49 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-05-01 19:49 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-05-01 19:49 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-05-01 19:49 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-05-01 19:49 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-05-01 19:49 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-05-01 19:49 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-05-01 19:49 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-05-01 19:49 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-05-01 19:49 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-05-01 19:49 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-05-01 19:49 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-05-01 19:49 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-05-01 19:49 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-05-01 19:49 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-05-01 19:49 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-05-01 19:49 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-05-01 19:49 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-05-01 19:49 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-05-01 19:49 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-05-01 19:49 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-05-01 19:49 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-05-01 19:49 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-05-01 19:49 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-05-01 19:49 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-05-01 19:49 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-05-01 19:49 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-05-01 19:49 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-05-01 19:49 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-05-01 19:49 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-05-01 19:49 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-05-01 19:49 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-05-01 19:49 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-05-01 19:49 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-05-01 19:49 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-05-01 19:49 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-05-01 19:49 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-05-01 19:49 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-05-01 19:49 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-05-01 19:49 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-05-01 19:49 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-05-01 19:49 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-05-01 19:49 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-05-01 19:49 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-05-01 19:49 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-05-01 19:49 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-05-01 19:49 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-05-01 19:49 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-05-01 19:49 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-05-01 19:49 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-05-01 19:49 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-05-01 19:49 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-05-01 19:49 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-05-01 19:49 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-05-01 19:49 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-05-01 19:49 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-05-01 19:49 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-05-01 19:49 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-05-01 19:49 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-05-01 19:49 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-05-01 19:49 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-05-01 19:49 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-05-01 19:49 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-05-01 19:49 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-05-01 19:49 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-05-01 19:49 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-05-01 19:49 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-05-01 19:49 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-05-01 19:49 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-05-01 19:49 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-05-01 19:49 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-05-01 19:49 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-05-01 19:49 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-05-01 19:49 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-05-01 19:49 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-05-01 19:49 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-05-01 19:49 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-05-01 19:49 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-05-01 19:49 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-05-01 19:49 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-05-01 19:49 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-05-01 19:49 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-05-01 19:49 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-05-01 19:49 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-05-01 19:49 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-05-01 19:49 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-05-01 19:49 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-05-01 19:49 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-05-01 19:49 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-05-01 19:49 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-05-01 19:49 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-05-01 19:49 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-05-01 19:49 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-05-01 19:49 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-05-01 19:49 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-05-01 19:49 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-05-01 19:49 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-05-01 19:49 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-05-01 19:49 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-05-01 19:49 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-05-01 19:49 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-05-01 19:49 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-05-01 19:49 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-05-01 19:49 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-05-01 19:49 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-05-01 19:49 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-05-01 19:49 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-05-01 19:49 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-05-01 19:49 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-05-01 19:49 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-05-01 19:49 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-05-01 19:49 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-05-01 19:49 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-05-01 19:49 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-05-01 19:49 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-05-01 19:49 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-05-01 19:49 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-05-01 19:49 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-05-01 19:49 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-05-01 19:49 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-05-01 19:49 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-05-01 19:49 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-05-01 19:49 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-05-01 19:49 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-05-01 19:49 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-05-01 19:49 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-05-01 19:49 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-05-01 19:49 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-05-01 19:49 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-05-01 19:49 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-05-01 19:49 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-05-01 19:49 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-05-01 19:49 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-05-01 19:49 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-05-01 19:49 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-05-01 19:49 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-05-01 19:49 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-05-01 19:49 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-05-01 19:49 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-05-01 19:49 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-05-01 19:49 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-05-01 19:49 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-05-01 19:49 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-05-01 19:49 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-05-01 19:49 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-05-01 19:49 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-05-01 19:49 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-05-01 19:49 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-05-01 19:48 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2016-05-01 19:48 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2016-05-01 19:48 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-05-01 19:48 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-05-01 19:48 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2016-05-01 19:48 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-05-01 19:48 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
    2016-05-01 19:48 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-05-01 19:48 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-05-01 19:48 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
    2016-05-01 19:48 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2016-05-01 19:48 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2016-05-01 19:48 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
    2016-05-01 19:48 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
    2016-05-01 19:48 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2016-05-01 19:48 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-05-01 19:48 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
    2016-05-01 19:48 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2016-05-01 19:48 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-05-01 19:48 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
    2016-05-01 19:48 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-05-01 19:48 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2016-05-01 19:48 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-05-01 19:48 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-05-01 19:48 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2016-05-01 19:48 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2016-05-01 19:48 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2016-05-01 19:48 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2016-05-01 19:48 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-01 19:48 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
    2016-05-01 19:48 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
    2016-05-01 19:48 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-05-01 19:48 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
    2016-05-01 19:48 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
    2016-05-01 19:48 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-05-01 19:48 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
    2016-05-01 19:48 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
    2016-05-01 19:48 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2016-05-01 19:48 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-05-01 19:48 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2016-05-01 19:48 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
    2016-05-01 19:48 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-05-01 19:48 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
    2016-05-01 19:48 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-05-01 19:48 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-05-01 19:48 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2016-05-01 19:48 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
    2016-05-01 19:48 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-05-01 19:48 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2016-05-01 19:48 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2016-05-01 19:48 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-05-01 19:48 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-05-01 19:48 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2016-05-01 19:48 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2016-05-01 19:48 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2016-05-01 19:48 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2016-05-01 19:48 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2016-05-01 19:48 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2016-05-01 19:48 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
    2016-05-01 19:48 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-05-01 19:48 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-05-01 19:48 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-05-01 19:48 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-05-01 19:48 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-05-01 19:48 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-05-01 19:48 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-05-01 19:48 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-05-01 19:48 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-05-01 19:48 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-05-01 19:48 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-05-01 19:48 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-05-01 19:48 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-05-01 19:48 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-05-01 19:48 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-05-01 19:48 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-05-01 19:48 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-05-01 19:48 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-05-01 19:48 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-05-01 19:48 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-05-01 19:48 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-05-01 19:48 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-05-01 19:48 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-05-01 19:48 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-05-01 19:48 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-05-01 19:48 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-05-01 19:48 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-05-01 19:48 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-05-01 19:48 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-05-01 19:48 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-05-01 19:48 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-05-01 19:48 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-05-01 19:48 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-05-01 19:48 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-05-01 19:48 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-05-01 19:48 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-05-01 19:48 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-05-01 19:48 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-05-01 19:48 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-05-01 19:48 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-05-01 19:48 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-05-01 19:19 - 2016-05-01 19:19 - 00000000 ___HD C:\$SysReset
    2016-05-01 18:26 - 2016-05-01 18:26 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-05-01 18:18 - 2016-05-01 18:18 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-SEZNEG-Windows-10-Pro-(64-bit).dat
    2016-05-01 18:18 - 2016-05-01 18:18 - 00000000 ____D C:\RegBackup
    2016-05-01 18:16 - 2016-05-01 18:16 - 00000000 ____D C:\Rem-VBSqt
    2016-05-01 18:11 - 2016-05-01 18:11 - 00110592 _____ (bartblaze) C:\Users\Matthew\Desktop\Rem-VBSworm.exe
    2016-05-01 18:01 - 2016-05-01 18:01 - 21258848 _____ (Tweaking.com) C:\Users\Matthew\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2016-05-01 18:01 - 2016-05-01 18:01 - 00185560 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
    2016-05-01 18:01 - 2016-05-01 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-05-01 18:01 - 2016-05-01 18:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-05-01 18:00 - 2016-05-01 18:00 - 15891824 _____ (McAfee Inc) C:\Users\Matthew\Downloads\stinger32.exe
    2016-05-01 18:00 - 2016-05-01 18:00 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Matthew\Downloads\tdsskiller.exe
    2016-05-01 17:47 - 2016-05-03 22:32 - 00000000 ____D C:\AdwCleaner
    2016-05-01 17:33 - 2016-05-01 17:33 - 00000000 ____D C:\WINDOWS\system32\fab
    2016-05-01 17:24 - 2016-05-13 00:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-05-01 17:24 - 2016-05-01 17:33 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-05-01 17:24 - 2016-05-01 17:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-05-01 17:24 - 2016-05-01 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-01 17:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-05-01 17:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-05-01 17:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-05-01 17:22 - 2016-05-15 15:25 - 00000000 ____D C:\FRST
    2016-05-01 17:16 - 2016-05-15 15:25 - 02382336 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
    2016-05-01 17:16 - 2016-05-01 17:47 - 03615296 _____ C:\Users\Matthew\Desktop\AdwCleaner.exe
    2016-05-01 17:05 - 2016-05-01 17:05 - 00000020 ___SH C:\Users\Matthew\ntuser.ini
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-05-01 16:59 - 2016-05-01 16:59 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-05-01 16:55 - 2016-05-01 17:33 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-05-01 16:55 - 2016-05-01 16:55 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2016-05-01 16:55 - 2016-05-01 16:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2016-05-01 16:54 - 2016-05-01 16:55 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-05-01 16:53 - 2016-05-13 03:48 - 00000000 ____D C:\Users\Matthew
    2016-05-01 16:53 - 2016-05-01 16:54 - 00000000 ____D C:\ProgramData\Razer
    2016-05-01 16:53 - 2016-05-01 16:53 - 00000000 _SHDL C:\Users\Matthew\My Documents
    2016-05-01 16:53 - 2016-05-01 16:53 - 00000000 _SHDL C:\Users\Matthew\Documents\My Videos
    2016-05-01 16:53 - 2016-05-01 16:53 - 00000000 _SHDL C:\Users\Matthew\Documents\My Pictures
    2016-05-01 16:53 - 2016-05-01 16:53 - 00000000 _SHDL C:\Users\Matthew\Documents\My Music
    2016-05-01 16:53 - 2016-05-01 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SaiK1713_01009.Wdf
    2016-05-01 16:52 - 2016-05-11 18:35 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-05-01 16:52 - 2016-05-01 16:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-05-01 16:52 - 2016-05-01 16:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-05-01 16:52 - 2016-05-01 16:54 - 00000000 ____D C:\Program Files (x86)\Razer
    2016-05-01 16:52 - 2016-05-01 16:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____H C:\ProgramData\DP45977C.lfl
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\Program Files\Synaptics
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\Program Files\Realtek
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\Program Files\ASUS
    2016-05-01 16:52 - 2016-05-01 16:52 - 00000000 ____D C:\Program Files (x86)\ASUS
    2016-05-01 16:52 - 2016-02-23 16:28 - 06368824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 06154909 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-05-01 16:52 - 2016-02-23 16:28 - 02993720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-05-01 16:52 - 2016-02-23 16:28 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-05-01 16:52 - 2016-02-23 16:28 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-05-01 16:52 - 2014-01-27 23:16 - 00028672 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\AsIO.dll
    2016-05-01 16:52 - 2014-01-27 23:16 - 00015232 _____ C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
    2016-05-01 16:30 - 2016-05-01 16:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-05-01 16:25 - 2016-05-01 16:25 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow00EBDFE0
    2016-05-01 16:25 - 2016-05-01 16:25 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow00000244DE8F1C48
    2016-05-01 15:03 - 2016-05-01 15:03 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow00EF1EA0
    2016-05-01 15:03 - 2016-05-01 15:03 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow0000025798E79C78
    2016-05-01 12:23 - 2016-05-01 12:23 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow00AEEDF8
    2016-05-01 12:23 - 2016-05-01 12:23 - 00000000 ____D C:\Users\Matthew\AppData\LocalLow0000020EFE76CEE8
    2016-05-01 01:58 - 2016-05-01 01:58 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\MCorp
    2016-05-01 01:52 - 2016-05-01 17:27 - 00000000 ____D C:\Users\Matthew\AppData\Local\Tempfolder
    2016-05-01 01:52 - 2016-05-01 16:54 - 00000000 ____D C:\WINDOWS\system32\aser
    2016-05-01 01:52 - 2016-05-01 01:52 - 00000000 ____D C:\uninst
    2016-05-01 01:51 - 2016-05-01 01:51 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
    2016-05-01 01:30 - 2016-05-01 17:06 - 00000464 _____ C:\appmanager.txt
    2016-05-01 01:30 - 2016-05-01 01:30 - 04733736 _____ ( ) C:\Users\Matthew\Downloads\temp.exe
    2016-05-01 01:30 - 2016-05-01 01:30 - 04733736 _____ ( ) C:\Users\Matthew\Downloads\pcspsetuprclk (1).exe
    2016-05-01 01:29 - 2016-05-01 17:33 - 00000000 ____D C:\Users\Matthew\AppData\Local\app
    2016-05-01 01:28 - 2016-05-01 01:28 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2016-05-01 01:26 - 2016-05-01 01:25 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-04-29 22:59 - 2016-05-01 17:33 - 00000789 _____ C:\Users\Matthew\Desktop\Ashes of Erebus.lnk
    2016-04-29 22:58 - 2016-04-29 22:58 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\TortoiseSVN
    2016-04-29 22:47 - 2016-04-29 22:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\TortoiseSVN
    2016-04-29 22:37 - 2016-05-13 20:22 - 00000000 ____D C:\Users\Matthew\AppData\Local\TSVNCache
    2016-04-29 22:27 - 2016-05-01 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
    2016-04-29 22:27 - 2016-04-29 22:27 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Subversion
    2016-04-29 22:27 - 2016-04-29 22:27 - 00000000 ____D C:\Program Files\TortoiseSVN
    2016-04-29 22:27 - 2016-04-29 22:27 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
    2016-04-27 01:42 - 2016-05-01 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
    2016-04-27 01:39 - 2016-05-01 17:33 - 00000279 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
    2016-04-27 00:30 - 2016-05-01 17:33 - 00000787 _____ C:\Users\Matthew\Desktop\Master of Mana.lnk
    2016-04-26 22:34 - 2016-05-01 17:33 - 00001229 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
    2016-04-26 22:34 - 2016-05-01 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
    2016-04-26 22:34 - 2016-04-27 03:11 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
    2016-04-24 12:47 - 2016-05-15 14:08 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\mIRC
    2016-04-24 12:47 - 2016-05-01 17:33 - 00000548 _____ C:\Users\Public\Desktop\mIRC.lnk
    2016-04-24 12:47 - 2016-05-01 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
    2016-04-23 02:08 - 2016-05-01 16:55 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-23 02:08 - 2016-05-01 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-23 02:08 - 2016-04-23 02:08 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\WinRAR
    2016-04-23 02:08 - 2016-04-23 02:08 - 00000000 ____D C:\Program Files\WinRAR
    2016-04-16 18:22 - 2016-04-16 18:59 - 00000000 ____D C:\Users\Matthew\Documents\EA Games
    2016-04-16 18:19 - 2016-04-16 18:19 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Razor
    2016-04-16 18:17 - 2016-05-01 17:33 - 00001046 _____ C:\Users\Matthew\Desktop\Razor.lnk
    2016-04-16 18:17 - 2016-05-01 16:55 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor
    2016-04-16 18:17 - 2016-04-16 18:17 - 00000000 ____D C:\Program Files (x86)\Razor
    2016-04-16 18:15 - 2016-04-27 01:39 - 00000000 ____D C:\ProgramData\Media Center Programs
    2016-04-16 18:15 - 2016-04-16 18:15 - 00000000 ___HD C:\WINDOWS\PIF
    2016-04-16 18:09 - 2016-04-16 18:09 - 00003373 _____ C:\Users\Matthew\AppData\Local\recently-used.xbel
    2016-04-16 00:53 - 2016-04-16 18:12 - 00000000 ____D C:\Users\Matthew\.gimp-2.8
    2016-04-16 00:53 - 2016-04-16 18:09 - 00000000 ____D C:\Users\Matthew\AppData\Local\gtk-2.0
    2016-04-16 00:53 - 2016-04-16 00:53 - 00000000 ____D C:\Users\Matthew\AppData\Local\gegl-0.2
    2016-04-16 00:53 - 2016-04-16 00:53 - 00000000 ____D C:\Users\Matthew\AppData\Local\fontconfig
    2016-04-16 00:53 - 2016-04-16 00:53 - 00000000 ____D C:\Users\Matthew\.thumbnails
    2016-04-16 00:51 - 2016-05-01 17:33 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2016-04-16 00:50 - 2016-04-16 00:50 - 00000000 ____D C:\Program Files\GIMP 2


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-05-15 14:50 - 2014-03-01 09:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-15 13:06 - 2014-03-01 09:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-15 13:06 - 2014-03-01 09:33 - 00000000 __RDO C:\Users\Matthew\SkyDrive
    2016-05-14 01:15 - 2014-03-04 17:59 - 00000000 ____D C:\Steam
    2016-05-13 21:19 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-13 00:22 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-05-12 20:51 - 2014-03-01 09:38 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-12 20:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-05-11 20:17 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-11 20:01 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
    2016-05-11 18:42 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-11 18:39 - 2015-08-08 14:25 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-05-11 18:36 - 2016-02-13 09:22 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-11 18:35 - 2016-02-13 09:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-11 02:44 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-11 02:43 - 2016-02-13 09:04 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-11 02:43 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-11 02:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-11 02:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-11 02:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-11 02:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-10 21:45 - 2014-03-01 09:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-10 21:45 - 2014-03-01 09:37 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-10 21:31 - 2014-03-01 01:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-10 21:27 - 2014-03-01 01:24 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-08 23:24 - 2014-03-08 20:39 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\uTorrent
    2016-05-02 22:25 - 2014-03-01 00:42 - 00000000 ____D C:\Users\Matthew\AppData\Local\Packages
    2016-05-02 09:51 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-05-01 20:51 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-05-01 20:00 - 2016-02-13 09:12 - 00194504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-05-01 19:59 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-05-01 19:59 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-05-01 19:59 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-05-01 19:02 - 2014-03-01 09:35 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7BE92795-A5EF-4F94-9EEB-3BBE9F4FDC74}
    2016-05-01 18:55 - 2014-03-01 00:42 - 00000000 ____D C:\WINDOWS\CSC
    2016-05-01 17:34 - 2015-09-20 22:59 - 00000000 ____D C:\Users\Matthew\AppData\Local\Apps\2.0
    2016-05-01 17:33 - 2016-03-09 01:10 - 00003121 _____ C:\Users\Matthew\Desktop\Fallout 4 Checklist.lnk
    2016-05-01 17:33 - 2016-03-01 22:51 - 00002214 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-05-01 17:33 - 2016-02-13 04:12 - 00001133 _____ C:\Users\Matthew\Desktop\HiAlgoBOOST.lnk
    2016-05-01 17:33 - 2016-02-10 01:51 - 00001038 _____ C:\Users\Matthew\Desktop\RCRN Customizer.lnk
    2016-05-01 17:33 - 2015-08-25 23:45 - 00001119 _____ C:\Users\Matthew\Desktop\Magister Modmod for FfH2.lnk
    2016-05-01 17:33 - 2015-08-18 20:55 - 00000795 _____ C:\Users\Matthew\Desktop\Fall from Heaven 2.lnk
    2016-05-01 17:33 - 2015-08-08 15:35 - 00002419 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-05-01 17:33 - 2015-06-02 22:07 - 00001613 _____ C:\Users\Matthew\Desktop\MechWarriorOnline.exe - Shortcut.lnk
    2016-05-01 17:33 - 2015-05-07 18:53 - 00000555 _____ C:\Users\Public\Desktop\Star Trek Online.lnk
    2016-05-01 17:33 - 2015-03-28 17:08 - 00000952 _____ C:\Users\Matthew\Desktop\The Lord of the Rings Online.lnk
    2016-05-01 17:33 - 2015-03-11 18:54 - 00000952 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
    2016-05-01 17:33 - 2014-12-23 20:26 - 00002153 _____ C:\Users\Public\Desktop\Path of Exile.lnk
    2016-05-01 17:33 - 2014-04-16 21:13 - 00001027 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2016-05-01 17:33 - 2014-03-08 20:40 - 00000889 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-05-01 17:33 - 2013-08-22 09:25 - 00001626 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_528
    2016-05-01 16:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-05-01 16:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-05-01 16:58 - 2014-03-01 03:33 - 00009528 _____ C:\WINDOWS\diagwrn.xml
    2016-05-01 16:58 - 2014-03-01 03:33 - 00009528 _____ C:\WINDOWS\diagerr.xml
    2016-05-01 16:57 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-05-01 16:57 - 2014-04-06 15:49 - 00002336 _____ C:\WINDOWS\System32\Tasks\{E40A521C-0097-4B87-B4C1-7A9A41365F2C}
    2016-05-01 16:57 - 2014-03-01 03:35 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-05-01 16:57 - 2014-03-01 00:49 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1814717882-3326078079-3800742243-1001
    2016-05-01 16:55 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-05-01 16:55 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-05-01 16:55 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
    2016-05-01 16:55 - 2015-10-19 21:04 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-05-01 16:55 - 2015-09-20 22:59 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STO Combat Meter
    2016-05-01 16:55 - 2015-09-11 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Piranha Games
    2016-05-01 16:55 - 2015-04-18 16:46 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2016-05-01 16:55 - 2015-03-20 00:12 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RCRN
    2016-05-01 16:55 - 2015-03-11 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
    2016-05-01 16:55 - 2015-01-23 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
    2016-05-01 16:55 - 2014-12-25 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2016-05-01 16:55 - 2014-12-23 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
    2016-05-01 16:55 - 2014-10-23 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-05-01 16:55 - 2014-09-10 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-05-01 16:55 - 2014-09-02 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-05-01 16:55 - 2014-06-21 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
    2016-05-01 16:55 - 2014-06-18 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2016-05-01 16:55 - 2014-05-01 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-05-01 16:55 - 2014-04-16 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2016-05-01 16:55 - 2014-04-06 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
    2016-05-01 16:55 - 2014-03-21 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2016-05-01 16:55 - 2014-03-07 00:56 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
    2016-05-01 16:55 - 2014-03-06 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    2016-05-01 16:55 - 2014-03-05 23:21 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
    2016-05-01 16:55 - 2014-03-04 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-05-01 16:55 - 2014-03-04 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-05-01 16:55 - 2014-03-04 17:36 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
    2016-05-01 16:55 - 2014-03-04 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-05-01 16:55 - 2014-03-01 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
    2016-05-01 16:54 - 2015-11-01 17:10 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Federation Emergency Services
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
    2016-05-01 16:54 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-05-01 16:54 - 2015-05-20 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
    2016-05-01 16:54 - 2015-05-07 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
    2016-05-01 16:54 - 2015-03-28 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
    2016-05-01 16:54 - 2014-06-22 19:14 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2016-05-01 16:54 - 2014-04-27 12:49 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
    2016-05-01 16:54 - 2014-04-06 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2016-05-01 16:54 - 2014-03-01 00:47 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2016-05-01 16:54 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-05-01 16:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-05-01 16:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-05-01 16:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-05-01 16:53 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-05-01 16:44 - 2014-03-01 16:39 - 00008192 __RSH C:\BOOTSECT.BAK
    2016-05-01 01:49 - 2016-03-02 04:22 - 00000000 ____D C:\Users\Matthew\AppData\Local\CrashDumps
    2016-04-27 01:42 - 2014-07-21 22:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-04-27 01:39 - 2014-03-04 19:57 - 00000000 ____D C:\Games
    2016-04-22 03:57 - 2014-03-01 01:41 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-04-20 01:09 - 2014-04-16 21:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\TS3Client
    2016-04-19 18:44 - 2014-04-16 21:13 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client


    ==================== Files in the root of some directories =======


    2016-04-16 18:09 - 2016-04-16 18:09 - 0003373 _____ () C:\Users\Matthew\AppData\Local\recently-used.xbel
    2016-05-01 16:52 - 2016-05-01 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-03-09 01:25 - 2016-03-09 01:25 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc


    ==================== Bamital & volsnap =================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




    LastRegBack: 2016-05-15 13:51


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
    Ran by Matthew (2016-05-15 15:25:31)
    Running from C:\Users\Matthew\Desktop
    Windows 10 Pro Version 1511 (X64) (2016-05-01 20:59:27)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-1814717882-3326078079-3800742243-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1814717882-3326078079-3800742243-503 - Limited - Disabled)
    Guest (S-1-5-21-1814717882-3326078079-3800742243-501 - Limited - Disabled)
    Matthew (S-1-5-21-1814717882-3326078079-3800742243-1001 - Administrator - Enabled) => C:\Users\Matthew


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    µTorrent (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Akamai NetSession Interface (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.2.790 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    BOSS Userlist Manager (HKLM-x32\...\{BCBC36F3-B413-4E0E-9EC4-CA8A5584808B}) (Version: 6.7 - Surazal)
    Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - bgs.bethsoft.com)
    Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Dungeons & Dragons Online (HKLM-x32\...\Dungeons & Dragons Online) (Version: - Turbine, Inc)
    Empyrion - Galactic Survival (HKLM\...\Steam App 383120) (Version: - Eleon Game Studios)
    Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    Fallout4Checklist (HKLM-x32\...\{35E79C06-F6CE-4385-B4B7-508D20DB286A}) (Version: 1.0.0 - Fallout4Checklist)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Happy Cloud Client (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
    HiAlgo BOOST 5.0 (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\HiAlgoBOOST) (Version: 5.0 - HiAlgo Inc.)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
    Magister Modmod for FfH2 April 16 2016 (HKLM-x32\...\{71C68BFF-4F7F-4A95-927D-C32B6A4EDE07}_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Master of Mana 2.11 (HKLM-x32\...\{CB5CB8BF-D93F-4CCD-9D87-29368010DB2A}_is1) (Version: - )
    MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
    MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.)
    MWO Public Test (HKLM-x32\...\{4ee8dd3b-b1b6-4974-a271-d9423b69af3c}) (Version: 1.5.0.0 - Piranha Games Inc.)
    MWO Public Test (x32 Version: 1.5.0.0 - Piranha Games Inc.) Hidden
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.14 - Black Tree Gaming)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
    NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Path of Exile - The Awakening Closed Beta (HKLM-x32\...\{08614ECB-C254-422C-AB67-C51E98CD1F78}) (Version: 2.0.0.41339 - Grinding Gear Games)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.0.38761 - Grinding Gear Games)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Shadowrun: Hong Kong (HKLM-x32\...\Steam App 346940) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
    Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
    Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.17 - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    STO Combat Meter (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\e540e1f6294bec51) (Version: 1.0.0.105 - STO Combat Meter)
    STO Keybinds (HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\73217bad652635ca) (Version: 1.0.0.120 - Federation Emergency Services)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18.2 - TeamSpeak Systems GmbH)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
    The Lord of the Rings Online™: Bullroarer v1400.0055.1429.1379 (HKLM-x32\...\e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1) (Version: 1400.0055.1429.1379 - Turbine, Inc.)
    TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.9.5 - Torrents Time)
    TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.7 - Tweaking.com)
    Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)
    Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version: - Troika Games)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
    XCom Long War EW Mod version Beta 15d2 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 15d2 - JohnnyLump)
    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-1814717882-3326078079-3800742243-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Matthew\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\FileCoAuth.exe (Microsoft Corporation)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {06D38A22-2A06-446B-9D65-01E10A190B43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {29E78583-EF1F-4C05-B48B-C5B55BA19F4A} - \PC-Speedup-Pro_Logon -> No File <==== ATTENTION
    Task: {2CB53675-98C1-4D50-A156-2396722E3D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {33C2B233-D9A9-47DA-B95E-054AF02C4A7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {44B48F03-F005-4A2F-87F7-DAAABF5B73DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {67E46C15-053E-477D-B6BF-E93DCC38E4FA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9352EBAB-52C8-4A1B-850D-83CA131930DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9E8A58ED-A0C2-45EE-95E0-8A2D9F25F8EE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A23FC137-43C5-4C81-B4C7-1DDB47538444} - \AppManager_logon -> No File <==== ATTENTION
    Task: {A45B2E0E-FEEF-4742-AF47-C2E69ACAAF16} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A5DB31CE-D7E5-457A-AF22-B40FD32E98BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AF3F9BAB-BC86-4568-B5A1-B1FD5D870B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BFBAD1DD-DEB8-4B5D-A30B-647DB6C5A2F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {D061044F-FF36-470C-A061-C4C4BEB99506} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
    Task: {DAE74BA0-4619-4B7C-9C75-278316ABD593} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F53CC08D-ED88-4CED-A094-E299ADDBFCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {FCDA788A-4E1B-45A3-ADEF-9D91C2BEF96C} - System32\Tasks\{E40A521C-0097-4B87-B4C1-7A9A41365F2C} => pcalua.exe -a C:\Users\Matthew\Downloads\Range_MMO7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\Matthew\Downloads


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    2016-05-01 19:49 - 2016-03-29 06:20 - 02656952 _____ () c:\windows\system32\CoreUIComponents.dll
    2016-05-01 16:52 - 2014-01-27 23:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    2015-11-04 20:11 - 2015-11-04 20:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2016-02-27 18:03 - 2016-03-29 21:21 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-02-03 03:09 - 2016-03-29 21:21 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-02-27 18:03 - 2016-03-29 21:22 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-04-06 23:39 - 2016-03-29 21:21 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-04-06 23:39 - 2016-03-29 21:21 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-04-06 23:39 - 2016-03-29 21:21 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-04-06 23:39 - 2016-03-29 21:22 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-02-03 03:09 - 2016-03-29 21:22 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-01 19:49 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-05-01 19:49 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2016-05-01 17:07 - 2016-05-01 17:07 - 00959176 _____ () C:\Users\Matthew\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64\ClientTelemetry.dll
    2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-10 21:11 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-10 21:12 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-10 21:12 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-10 21:12 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-10 21:12 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2014-03-04 17:33 - 2016-03-29 21:27 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
    2014-03-04 17:33 - 2016-03-29 21:28 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
    2016-04-06 23:39 - 2016-03-29 21:20 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-04-06 23:39 - 2016-03-29 21:20 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-04-18 18:49 - 2016-04-18 18:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-05-01 16:52 - 2016-05-11 18:35 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
    2016-05-01 16:52 - 2014-01-27 23:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
    2016-05-01 22:58 - 2016-02-25 18:35 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
    2015-08-08 17:42 - 2016-03-29 21:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-05-12 20:51 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
    2016-05-12 20:51 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
    2016-05-01 17:07 - 2016-05-01 17:07 - 00679624 _____ () C:\Users\Matthew\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\ClientTelemetry.dll
    2016-01-05 21:11 - 2016-01-05 21:11 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
    2016-04-18 18:49 - 2016-04-18 18:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-18 18:49 - 2016-04-18 18:49 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-05-12 20:51 - 2016-05-11 07:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 09:25 - 2016-05-01 18:28 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    127.0.0.1 localhost


    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    HKLM\...\StartupApproved\Run: => "IDSCCOMLHI"
    HKLM\...\StartupApproved\Run: => "Sound+"
    HKLM\...\StartupApproved\Run: => "WINCOM7JK"
    HKLM\...\StartupApproved\Run: => "WINCOM18M"
    HKLM\...\StartupApproved\Run32: => "ic-0.ecc67597b3cc68.exe -start"
    HKLM\...\StartupApproved\Run32: => "EasyHotspot"
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\...\StartupApproved\Run: => "Birds"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{E66FBBF1-137F-42F6-A8E8-97E659C592CF}] => (Allow) C:\Users\Matthew\AppData\Local\Temp\44649703\download\MiniThunderPlatform.exe
    FirewallRules: [{17C69F6B-6EBC-4C6F-91F5-D9FCA8AE25EF}] => (Allow) C:\Users\Matthew\AppData\Local\Temp\44649703\download\MiniThunderPlatform.exe
    FirewallRules: [UDP Query User{97FA4B79-8ABA-40C5-A73F-2DB782464653}A:\game storage\uo comraich\client.exe] => (Allow) A:\game storage\uo comraich\client.exe
    FirewallRules: [TCP Query User{3914B08E-FE90-468C-B09E-9457D028A873}A:\game storage\uo comraich\client.exe] => (Allow) A:\game storage\uo comraich\client.exe
    FirewallRules: [UDP Query User{49F1B659-B251-4626-BE2D-A0DB685EC4C5}A:\mirc\mirc.exe] => (Allow) A:\mirc\mirc.exe
    FirewallRules: [TCP Query User{5CA54F4B-1CAF-4B4C-B790-F78797D4C79F}A:\mirc\mirc.exe] => (Allow) A:\mirc\mirc.exe
    FirewallRules: [UDP Query User{7290D988-6813-4754-9DB4-11012DFB66FB}A:\game storage\uo - tab\stormclient.exe] => (Allow) A:\game storage\uo - tab\stormclient.exe
    FirewallRules: [TCP Query User{206EB70B-15D7-4470-9A6E-6611131B8F18}A:\game storage\uo - tab\stormclient.exe] => (Allow) A:\game storage\uo - tab\stormclient.exe
    FirewallRules: [UDP Query User{FE4F0B9D-9053-4DE8-9105-AAA8C73D3B3B}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
    FirewallRules: [TCP Query User{6EADC295-308F-41CD-9077-B0E6B89B74C8}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
    FirewallRules: [UDP Query User{9ECEC7D0-4204-4E45-A7A5-1E1AF73E469B}A:\game storage\star trek online_en\star trek online\playtest\gameclient.exe] => (Allow) A:\game storage\star trek online_en\star trek online\playtest\gameclient.exe
    FirewallRules: [TCP Query User{EDD6EB13-B65B-4DCC-A0CA-B551F22ED514}A:\game storage\star trek online_en\star trek online\playtest\gameclient.exe] => (Allow) A:\game storage\star trek online_en\star trek online\playtest\gameclient.exe
    FirewallRules: [UDP Query User{945F2D0C-6DCF-4666-9B4F-722941D48541}A:\game storage\star trek online_en\star trek online\live\gameclient.exe] => (Allow) A:\game storage\star trek online_en\star trek online\live\gameclient.exe
    FirewallRules: [TCP Query User{FC3C4BF2-994D-4606-8A59-2B12AAEF059D}A:\game storage\star trek online_en\star trek online\live\gameclient.exe] => (Allow) A:\game storage\star trek online_en\star trek online\live\gameclient.exe
    FirewallRules: [{C8604FA9-DC89-4A37-9BB4-36E98D3BDC98}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{B90D0148-A837-47CD-863D-9ECB25850494}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [UDP Query User{EC900049-E7A6-4466-8CE7-78A0ADAF91AD}A:\steam library (backup drive)\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{87123788-BDD8-403A-8A2C-D447BE3C1D3C}A:\steam library (backup drive)\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [{416854EC-82B4-43A3-AD1C-653831111A80}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
    FirewallRules: [{FD7DACAA-23D6-406A-9D58-FCBF9C2AB8DC}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
    FirewallRules: [{5147F240-5F03-49D3-9D29-DBBAF9A68D66}] => (Allow) A:\Game Storage\SWTOR\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{8CC18801-8F64-425E-93B1-7DA04B8ABB62}] => (Allow) A:\Game Storage\SWTOR\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{0FBD8B29-3115-4208-A73B-3BD41DE338B4}] => (Allow) A:\Game Storage\SWTOR\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{5AB91849-0207-4F0C-B1F7-80531E61CC4A}] => (Allow) A:\Game Storage\SWTOR\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{A6A381CF-3189-4C60-9D41-6EBB220A4381}] => (Allow) A:\Game Storage\ESO\Launcher\Bethesda.net_Launcher.exe
    FirewallRules: [{C7F668D7-7B16-4795-A00E-2A9BA40DB1D6}] => (Allow) A:\Game Storage\ESO\Launcher\Bethesda.net_Launcher.exe
    FirewallRules: [{784D0ECA-6B6D-443F-9C1D-35A63ED0DE9D}] => (Allow) A:\Game Storage\ESO\Launcher\Bethesda.net_Launcher.exe
    FirewallRules: [{CD09E82D-DDFB-481D-88E1-47B81CBA5F06}] => (Allow) A:\Game Storage\ESO\Launcher\Bethesda.net_Launcher.exe
    FirewallRules: [UDP Query User{D9E14EF4-A4AC-4C18-8A07-7BFCE116BBC7}C:\users\matthew\appdata\local\temp\i1429389904\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\matthew\appdata\local\temp\i1429389904\windows\resource\jre\bin\javaw.exe
    FirewallRules: [TCP Query User{EDF19100-74BD-4FCB-BF8E-DB041A816245}C:\users\matthew\appdata\local\temp\i1429389904\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\matthew\appdata\local\temp\i1429389904\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{304E7335-C781-403E-94FB-110732B54BC9}A:\game storage\the lord of the rings online - bullroarer\lotroclient.exe] => (Allow) A:\game storage\the lord of the rings online - bullroarer\lotroclient.exe
    FirewallRules: [TCP Query User{CCE1C31B-844E-4E9D-9ECD-A522A92CFAD0}A:\game storage\the lord of the rings online - bullroarer\lotroclient.exe] => (Allow) A:\game storage\the lord of the rings online - bullroarer\lotroclient.exe
    FirewallRules: [UDP Query User{D7935CF7-E743-4A03-BA6A-1F5A69CEB8E8}A:\game storage\the lord of the rings online\lotroclient.exe] => (Allow) A:\game storage\the lord of the rings online\lotroclient.exe
    FirewallRules: [TCP Query User{9AD46FE3-14DA-4D7A-B67B-C08CC4262F5A}A:\game storage\the lord of the rings online\lotroclient.exe] => (Allow) A:\game storage\the lord of the rings online\lotroclient.exe
    FirewallRules: [{FD4805CC-AE77-47CB-B654-EB8440541B45}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{BBD95373-52A4-475E-991A-D011F1392DA0}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{C0DD50CF-C79F-41F5-B78F-081398A1C635}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{3379EAE4-5A81-47D6-9F8E-B22A0C598C85}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{0F205C9A-BA3D-4DB4-8D6B-B0860A756A2D}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
    FirewallRules: [{997427BC-DD67-49D2-BFF7-82D32A08E715}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
    FirewallRules: [{DF1AAE35-95EC-4582-BC3D-FBCFAE3A83BA}] => (Allow) C:\Steam\SteamApps\common\Skyrim\CreationKit.exe
    FirewallRules: [{04F11CD1-6AEE-4F43-AD91-8ACEE985C747}] => (Allow) C:\Steam\SteamApps\common\Skyrim\CreationKit.exe
    FirewallRules: [{C21A4C8B-B83B-417A-9BDA-927B300DA605}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{1F2F6D04-4DCF-402F-993E-8D68D9F626B6}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{EACE225C-1D22-4524-9E73-CF3F1E41DB4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{DE03B5F6-0F08-474A-8683-339D6A17F07C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{5216E4AD-6C6C-437B-8712-08540B3E029A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{5143B2AE-4EAB-4A3A-ABE7-C3D4E56190A7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{97E0B721-2AEE-4E99-A0F7-D58CDB658BEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{0A0A30BE-C473-45EB-8FEE-64ADC8EA9064}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [UDP Query User{D7BE743E-FA7A-408F-ACD9-6E8A53D7535E}C:\program files (x86)\turbine\the lord of the rings online - bullroarer\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online - bullroarer\lotroclient.exe
    FirewallRules: [TCP Query User{F80DD2D7-9E12-47A9-BC39-5D94D0D52BC2}C:\program files (x86)\turbine\the lord of the rings online - bullroarer\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online - bullroarer\lotroclient.exe
    FirewallRules: [UDP Query User{8A2DA804-2CA5-41B3-A446-6BDB6EFD1F77}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{5FF0B32E-38B1-4156-B107-524B40A754E8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{2392EFA0-C052-40DF-A09F-97670F6E47E9}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
    FirewallRules: [TCP Query User{ECE0FFA1-90D7-4947-B4D5-D61CBC612258}C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
    FirewallRules: [{0BD48747-8CB7-419D-A550-E465E656374E}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{7A200EF3-1A70-4FEA-86F2-45375AB8D310}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B95E98AC-A203-4A81-8255-BD2D3E55FC89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{EF5BBC0F-4A09-4CBC-B8D2-2E4AE6505BB1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{5FF4BEBE-035E-4639-B55E-1BA7A69E2533}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{DB2FC58A-C67D-4D11-9BC0-C3065907B82A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{4A01952D-FAE5-40E1-BF21-F620A1C42D6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{A7FB1A69-B19E-4FBA-B048-39551EFFD16F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [UDP Query User{E8ED3350-E0D3-4AE6-BD77-F51F44DC1D09}C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe
    FirewallRules: [TCP Query User{0F6770E4-97F5-496A-AF0F-FDD5B566CB74}C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe
    FirewallRules: [{FCE3909F-A828-4C84-8F5A-A7E08E5D428A}] => (Allow) C:\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
    FirewallRules: [{020E16C0-CDB9-46D5-AD92-8EB9231909C1}] => (Allow) C:\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
    FirewallRules: [UDP Query User{69593656-B89B-431F-AD46-92613486C1F8}C:\program files (x86)\portalarium\shroud of the avatar\launcher.exe] => (Allow) C:\program files (x86)\portalarium\shroud of the avatar\launcher.exe
    FirewallRules: [TCP Query User{7CF0AF39-E0B9-4B5F-B7E0-D3B0943DAE74}C:\program files (x86)\portalarium\shroud of the avatar\launcher.exe] => (Allow) C:\program files (x86)\portalarium\shroud of the avatar\launcher.exe
    FirewallRules: [{68AA4E24-228B-4F77-90C8-F2DBA357836B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{E02C96A5-1806-4CF1-A1D5-7E5475883AC9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{2EBE1A70-1D24-4235-88C2-6CAFE05975E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{3376E96C-EC1E-4A03-AC6A-5957F2D16FD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{1ABDFDFA-5728-4562-9955-29107B55293E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{4FD0B72B-C890-4C5A-8231-0CE11E1CFD64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{B3AD4F74-6CDD-43E9-AAC3-0766ACEFEF65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{2E9EB988-BF73-4945-A3C6-9A1DA954BE49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{EB3568AF-380D-4D08-8CD0-7438BD0799D2}] => (Allow) C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4945908C-15FF-4877-B1E6-FDD0EB9644B1}] => (Allow) C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1700B645-201F-4A2E-8D9E-9C1F1D81E81D}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
    FirewallRules: [{CE1B8DED-B7F3-4D8A-B98C-B661040ECFC9}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
    FirewallRules: [{5E9D7650-565B-46BF-835F-4E47011D0650}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
    FirewallRules: [{54B52188-9148-46FA-A216-E3CB6DB03C4B}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
    FirewallRules: [UDP Query User{1143FDBB-AEB1-4BC7-8E47-E1F8C1586932}C:\users\matthew\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\matthew\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{AEDE7DA1-2FEB-46F5-A65D-77E01EDE4A34}C:\users\matthew\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\matthew\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{D9331DAB-37F1-4C4F-8B91-B8261A1B772E}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{B2A9E6A2-CC58-4101-896D-CAB82AE9D6E8}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{D26AF764-F703-497A-B095-9F7CB1FB3EA6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{D421868F-455F-4054-B240-F4C83861D248}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{22703274-E017-46CF-8AC8-6E44A58C53E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{78732CA6-1181-4F03-96CD-1C4361F0C8B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{D0730CD1-71B4-4682-B187-B9401007A3F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{752C0D26-9B28-4F84-8AAC-D9B7ADC8D17E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{2E6A4B1D-20D4-4BFD-A476-74AB485586CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{019E9129-D69D-4AD1-9712-DE566CE39E3C}] => (Allow) A:\Game Storage\Civ4\Civilization4.exe
    FirewallRules: [{24EBDBD9-7302-46B3-8456-A37FB6113AAB}] => (Allow) A:\Game Storage\Civ4\Civilization4.exe
    FirewallRules: [{6A70DF5C-227B-4326-8329-536F21970D7B}] => (Allow) A:\Game Storage\Civ4\Warlords\Civ4Warlords.exe
    FirewallRules: [{2BA9A2DB-9111-4E7A-B3B8-4CD21F1F5C11}] => (Allow) A:\Game Storage\Civ4\Warlords\Civ4Warlords.exe
    FirewallRules: [{AAEB098F-BD37-4471-8C23-38ABA1AEC356}] => (Allow) A:\Game Storage\Civ4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{2EEDF8AB-E267-44A8-9A87-E12518CF295A}] => (Allow) A:\Game Storage\Civ4\Beyond the Sword\Civ4BeyondSword.exe
    FirewallRules: [{D367BCBD-CB63-4B63-BCA9-EA470094370A}] => (Allow) A:\Game Storage\Civ4\Colonization\Colonization.exe
    FirewallRules: [{B04D2C06-70A7-4186-9E06-4EE98ACA9BC9}] => (Allow) A:\Game Storage\Civ4\Colonization\Colonization.exe
    FirewallRules: [{621C3379-0E30-49D3-91FB-67C2EDABB4BC}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Shadowrun Hong Kong\SRHK.exe
    FirewallRules: [{66BFC0B8-0853-4775-826D-BFF4B0ABBF68}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Shadowrun Hong Kong\SRHK.exe
    FirewallRules: [{F0776BB0-2CB3-45B3-B87F-3B59A02362D2}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{DA0E3FC2-7B14-4B77-BF27-486F1190953D}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [TCP Query User{E7D2113F-7494-4050-8590-2097B6CA3897}A:\ddo\dungeons & dragons online\dndclient.exe] => (Allow) A:\ddo\dungeons & dragons online\dndclient.exe
    FirewallRules: [UDP Query User{EE4C3FA9-BCB3-4491-8297-C959E7DEE7D9}A:\ddo\dungeons & dragons online\dndclient.exe] => (Allow) A:\ddo\dungeons & dragons online\dndclient.exe
    FirewallRules: [{0B2360AA-70EE-4265-9C49-6C3E52B3C407}] => (Allow) C:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{F2038EC9-076D-4DE7-B345-821A652FD3C9}] => (Allow) C:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{D4422B30-DEB4-4765-A22A-1DDD1A92BBB5}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{A8DD6E37-4E30-4090-8639-267DEC9676DE}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{BD008BDA-5CA8-488D-95A3-E6508EC437B1}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{F800136B-C891-47C7-8304-780AD430AD80}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [TCP Query User{1BCFD656-D7DB-4B9C-8FCD-E53B83F40A2B}A:\steam library (backup drive)\steamapps\common\fallout 4\fallout4.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [UDP Query User{32F8E6E8-677C-460E-89F8-32FB086745FD}A:\steam library (backup drive)\steamapps\common\fallout 4\fallout4.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\fallout 4\fallout4.exe
    FirewallRules: [{1D9F1160-AA64-4489-AB01-58B30660852A}] => (Allow) LPort=49740
    FirewallRules: [{BEDCB6E7-E0E2-4B45-A187-C03B01B95BBF}] => (Allow) LPort=5000
    FirewallRules: [{6885146A-A4DE-4C3D-AC89-5F1D5CC78142}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
    FirewallRules: [{CF532BC6-753A-4A2D-AE09-A78DCD241F8C}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
    FirewallRules: [TCP Query User{68916469-DA3E-4A78-BF07-4D746D42D3A4}A:\games\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) A:\games\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
    FirewallRules: [UDP Query User{FCB6BDC7-54E3-45B1-BE9F-D1E1DFCBB4B7}A:\games\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) A:\games\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
    FirewallRules: [{745D4E27-A90B-4D60-8767-65B01CF9FA5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D7D4EE0E-53CA-4A2C-A235-BDD92A5F5A19}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
    FirewallRules: [{F7A352AB-4C53-4D8F-AC8A-F328C8087C89}] => (Allow) A:\Steam Library (Backup Drive)\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
    FirewallRules: [TCP Query User{61F65FF4-8668-436A-BDD7-9D5EFEBC28C8}A:\steam library (backup drive)\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\empyrion - galactic survival\empyrion.exe
    FirewallRules: [UDP Query User{7AB07CF0-C84F-434E-B1DD-B0208B1D7EC5}A:\steam library (backup drive)\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) A:\steam library (backup drive)\steamapps\common\empyrion - galactic survival\empyrion.exe


    ==================== Restore Points =========================


    10-05-2016 02:36:14 5/10/16
    13-05-2016 03:06:11 JRT Pre-Junkware Removal


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (05/15/2016 01:51:36 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


    Error: (05/14/2016 02:45:44 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


    Error: (05/14/2016 02:44:37 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


    Error: (05/11/2016 02:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2059.1762, time stamp: 0x56fb173e
    Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x56fb1c2b
    Exception code: 0xc0000005
    Fault offset: 0x00000000000d45a0
    Faulting process id: 0xf54
    Faulting application start time: 0xNvStreamNetworkService.exe0
    Faulting application path: NvStreamNetworkService.exe1
    Faulting module path: NvStreamNetworkService.exe2
    Report Id: NvStreamNetworkService.exe3
    Faulting package full name: NvStreamNetworkService.exe4
    Faulting package-relative application ID: NvStreamNetworkService.exe5


    Error: (05/10/2016 09:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    Error: (05/10/2016 09:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8


    Error: (05/09/2016 06:53:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.218, time stamp: 0x56ff3b2e
    Faulting module name: MicrosoftEdge.exe, version: 11.0.10586.218, time stamp: 0x56ff3b2e
    Exception code: 0xc0000005
    Fault offset: 0x00000000000cf1f3
    Faulting process id: 0x2728
    Faulting application start time: 0xMicrosoftEdge.exe0
    Faulting application path: MicrosoftEdge.exe1
    Faulting module path: MicrosoftEdge.exe2
    Report Id: MicrosoftEdge.exe3
    Faulting package full name: MicrosoftEdge.exe4
    Faulting package-relative application ID: MicrosoftEdge.exe5


    Error: (05/05/2016 09:31:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Autoruns.exe version 13.51.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 318


    Start Time: 01d1a736bf969afa


    Termination Time: 25


    Application Path: C:\Users\Matthew\Desktop\Autoruns\Autoruns.exe


    Report Id: 498374d2-132a-11e6-bf7d-bcee7b8dae1e


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (05/05/2016 12:41:39 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


    Error: (05/05/2016 12:41:17 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.




    System errors:
    =============
    Error: (05/15/2016 01:08:28 PM) (Source: DCOM) (EventID: 10016) (User: SEZNEG)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SeznegMatthewS-1-5-21-1814717882-3326078079-3800742243-1001LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795


    Error: (05/15/2016 03:38:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_3029260 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/15/2016 03:38:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_3029260 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/15/2016 03:38:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_3029260 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/15/2016 03:38:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_3029260 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/15/2016 03:38:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


    Error: (05/14/2016 02:18:10 PM) (Source: DCOM) (EventID: 10016) (User: SEZNEG)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SeznegMatthewS-1-5-21-1814717882-3326078079-3800742243-1001LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795


    Error: (05/14/2016 01:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_28bf8af service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/14/2016 01:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_28bf8af service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Error: (05/14/2016 01:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_28bf8af service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.




    CodeIntegrity:
    ===================================
    Date: 2016-05-14 19:42:19.721
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-14 14:18:41.535
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-12 20:36:28.764
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-11 18:35:21.822
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-09 18:33:34.443
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-02 10:08:27.682
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\TortoiseSVN\bin\TortoiseStub.dll that did not meet the Store signing level requirements.


    Date: 2016-05-01 22:57:13.103
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-01 22:57:13.040
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-01 22:57:13.035
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-05-01 22:57:13.012
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16322.39 MB
    Available physical RAM: 12845.89 MB
    Total Virtual: 18754.39 MB
    Available Virtual: 14611.21 MB


    ==================== Drives ================================


    Drive a: (Storage) (Fixed) (Total:698.51 GB) (Free:378.21 GB) NTFS
    Drive c: (New Volume) (Fixed) (Total:223.13 GB) (Free:33.34 GB) NTFS ==>[system with boot components (obtained from drive)]


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0CC3DA0F)
    Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)


    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000)


    Partition: GPT.


    ==================== End of Addition.txt ============================

    Result of Security Analysis by Rocket Grannie (x86) Updated: 13th May 2016
    Running from:C:\Users\Matthew\Desktop (15:30:16 - 05/15/2016)
    ***---------------------------------------------------------***
    Microsoft Windows 10 Pro X64
    UAC is Enabled!
    Internet Explorer 11
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ***-----------------Anti-Virus - Firewall-------------------***
    Windows Defender (Enabled - up to Date)
    Windows Firewall is Enabled!
    Searching for any other Firewall
    *No other Firewall Installed*
    ***----------------AntiSpyware - Miscellaneous---------------***
    Adobe flash Player Plugin is not installed
    Java (version 8.31.13) is *out of Date*
    Google Chrome (version 50)
    Malwarebytes Anti-Malware (version 2.2.1.1043)


    ***----------------Analysis Complete-------------------------***

  4. #4
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 8,972

    Re: Malware corruption of Microsoft Edge

    Thank you for the logs. My apology for the delay in responding. My time is a bit limited for a few days since I have family visiting from out of town.

    1. Although most people don't need Java, it may be required for the games installed on your computer. You do, however, need to keep it updated as it has long been a target for malware.

    Java Version 8 Update 91 contains important security fixes and Java Version 8 Update 92 is described as a patch-set update, which includes the updates in Version 8u91 plus the additional features described in the release notes.

    Download link: Java SE 8u91
    Java SE 8u92 can be found here. Select the appropriate version for your operating system.
    Verify your version: Verify Java Version

    UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. The next scheduled Java update is July 19.

    2. Please do the following to run FRST:

    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.

    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Task: {29E78583-EF1F-4C05-B48B-C5B55BA19F4A} - \PC-Speedup-Pro_Logon -> No File <==== ATTENTION
    Task: {2CB53675-98C1-4D50-A156-2396722E3D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {33C2B233-D9A9-47DA-B95E-054AF02C4A7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {44B48F03-F005-4A2F-87F7-DAAABF5B73DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {67E46C15-053E-477D-B6BF-E93DCC38E4FA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9352EBAB-52C8-4A1B-850D-83CA131930DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9E8A58ED-A0C2-45EE-95E0-8A2D9F25F8EE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A23FC137-43C5-4C81-B4C7-1DDB47538444} - \AppManager_logon -> No File <==== ATTENTION
    Task: {A45B2E0E-FEEF-4742-AF47-C2E69ACAAF16} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A5DB31CE-D7E5-457A-AF22-B40FD32E98BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AF3F9BAB-BC86-4568-B5A1-B1FD5D870B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {DAE74BA0-4619-4B7C-9C75-278316ABD593} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F53CC08D-ED88-4CED-A094-E299ADDBFCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    EmptyTemp:
    end
    • Click Format and ensure Word Wrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.




  5. #5

    Re: Malware corruption of Microsoft Edge

    Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
    Ran by Matthew (2016-05-17 02:55:15) Run:1
    Running from C:\Users\Matthew\Desktop
    Loaded Profiles: Matthew (Available Profiles: Matthew)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Task: {29E78583-EF1F-4C05-B48B-C5B55BA19F4A} - \PC-Speedup-Pro_Logon -> No File <==== ATTENTION
    Task: {2CB53675-98C1-4D50-A156-2396722E3D4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {33C2B233-D9A9-47DA-B95E-054AF02C4A7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {44B48F03-F005-4A2F-87F7-DAAABF5B73DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {67E46C15-053E-477D-B6BF-E93DCC38E4FA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9352EBAB-52C8-4A1B-850D-83CA131930DD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9E8A58ED-A0C2-45EE-95E0-8A2D9F25F8EE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A23FC137-43C5-4C81-B4C7-1DDB47538444} - \AppManager_logon -> No File <==== ATTENTION
    Task: {A45B2E0E-FEEF-4742-AF47-C2E69ACAAF16} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A5DB31CE-D7E5-457A-AF22-B40FD32E98BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AF3F9BAB-BC86-4568-B5A1-B1FD5D870B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {DAE74BA0-4619-4B7C-9C75-278316ABD593} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F53CC08D-ED88-4CED-A094-E299ADDBFCFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    EmptyTemp:
    end
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\system32\GroupPolicy\User => moved successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1814717882-3326078079-3800742243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29E78583-EF1F-4C05-B48B-C5B55BA19F4A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29E78583-EF1F-4C05-B48B-C5B55BA19F4A}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Speedup-Pro_Logon => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CB53675-98C1-4D50-A156-2396722E3D4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CB53675-98C1-4D50-A156-2396722E3D4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C2B233-D9A9-47DA-B95E-054AF02C4A7E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C2B233-D9A9-47DA-B95E-054AF02C4A7E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44B48F03-F005-4A2F-87F7-DAAABF5B73DF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44B48F03-F005-4A2F-87F7-DAAABF5B73DF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E46C15-053E-477D-B6BF-E93DCC38E4FA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E46C15-053E-477D-B6BF-E93DCC38E4FA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9352EBAB-52C8-4A1B-850D-83CA131930DD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9352EBAB-52C8-4A1B-850D-83CA131930DD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E8A58ED-A0C2-45EE-95E0-8A2D9F25F8EE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E8A58ED-A0C2-45EE-95E0-8A2D9F25F8EE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A23FC137-43C5-4C81-B4C7-1DDB47538444}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A23FC137-43C5-4C81-B4C7-1DDB47538444}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppManager_logon => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A45B2E0E-FEEF-4742-AF47-C2E69ACAAF16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A45B2E0E-FEEF-4742-AF47-C2E69ACAAF16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5DB31CE-D7E5-457A-AF22-B40FD32E98BC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5DB31CE-D7E5-457A-AF22-B40FD32E98BC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF3F9BAB-BC86-4568-B5A1-B1FD5D870B80}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF3F9BAB-BC86-4568-B5A1-B1FD5D870B80}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAE74BA0-4619-4B7C-9C75-278316ABD593}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE74BA0-4619-4B7C-9C75-278316ABD593}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F53CC08D-ED88-4CED-A094-E299ADDBFCFF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53CC08D-ED88-4CED-A094-E299ADDBFCFF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    EmptyTemp: => 1 GB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 02:55:26 ====

  6. #6
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    Did you update Java and have you tried Microsoft Edge again?



  7. #7

    Re: Malware corruption of Microsoft Edge

    I did update Java and all other steps. Everything looks good, but upon running Edge I see Windows Defender has flagged a process again, and Edge is still non-functional. I really think it's been hijacked.

  8. #8
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    Please follow the instructions below to run an on-line scan from ESET.
    • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
      • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
      • Click the green ESET Online Scanner box.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the ESET Smart Installer icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
        • Scan potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.



  9. #9

    Re: Malware corruption of Microsoft Edge

    Here is the ESET Log:

    C:\Windows.old\Users\Matthew\AppData\Local\Temp\setup_765.exe a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting
    C:\Windows.old\Users\Matthew\AppData\Local\Temp\nsc1DB6.tmp\GhshKaolc.dll a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting
    C:\Windows.old\Users\Matthew\AppData\Local\Temp\nsc1DB6.tmp\IurouGar.dll a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting
    C:\Windows.old\Users\Matthew\AppData\Local\Temp\nsc1DB6.tmp\Enaplueblh\WofyelFausl.exe a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting
    C:\Windows.old\Users\Matthew\AppData\Local\Temp\nsc1DB6.tmp\Gluplaittov\WofyelFausl.exe a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting
    C:\Windows.old\Users\Matthew\AppData\Local\Temp\nsc1DB6.tmp\Wekamwuozty\WofyelFausl.exe a variant of Win32/TrojanDropper.Addrop.AN trojan cleaned by deleting

  10. #10
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    Is Windows Defender "happy" now? What about Microsoft Edge?



  11. #11

    Re: Malware corruption of Microsoft Edge

    I did not see Windows Defender flag a process.

    However, I went to manually open Windows Defender and it gave me a warning to not open this because it was from an "unknown publisher". I found that odd. Let me know if I should ignore.

    Also, Edge continues to not open pages or render sites when launched from the start bar, but does open pages and function fine when a URL is entered into Cortana.

  12. #12
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    You said earlier that you ran a Malwarebytes scan. How about updating and this time select Rootkit scan. Launch MBAM and check for updates. Then click the Settings button > Detection and Protection and select all options within the "Detection Options". Please post a copy of the log results.



  13. #13

    Re: Malware corruption of Microsoft Edge

    Nothing too terrible, probably just some junk that got installed when the last trojan process ran:

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software


    Scan Date: 5/21/2016
    Scan Time: 7:00 PM
    Logfile:
    Administrator: Yes


    Version: 2.2.1.1043
    Malware Database: v2016.05.21.05
    Rootkit Database: v2016.05.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled


    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Matthew


    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 302440
    Time Elapsed: 6 min, 31 sec


    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled


    Processes: 0
    (No malicious items detected)


    Modules: 0
    (No malicious items detected)


    Registry Keys: 0
    (No malicious items detected)


    Registry Values: 0
    (No malicious items detected)


    Registry Data: 0
    (No malicious items detected)


    Folders: 2
    PUP.Optional.MCorp, C:\Users\Matthew\AppData\Roaming\MCorp\1147, , [c7c2a23645540a2c60b52eaf38cb9b65],
    PUP.Optional.MCorp, C:\Users\Matthew\AppData\Roaming\MCorp, , [c7c2a23645540a2c60b52eaf38cb9b65],


    Files: 1
    PUP.Optional.MCorp, C:\Users\Matthew\AppData\Roaming\MCorp\1147\udpx, , [c7c2a23645540a2c60b52eaf38cb9b65],


    Physical Sectors: 0
    (No malicious items detected)




    (end)

  14. #14
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    Taking another look at your logs, I spotted the following:

    Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\TortoiseSVN\bin\TortoiseStub.dll that did not meet the Store signing level requirements.

    I suggest you uninstall TortoiseSVN, restart the computer and then see if Microsoft Edge will run. If that doesn't solve the problem, you may need to Reset your PC. From Recovery options in Windows 10 - Windows Help: Resetting lets you choose whether to keep your files or remove them, and then reinstalls Windows. To get started, go to Settings > Update & security > Reset this PC > Get started and choose the "Keep my files" option which does the following:


    • Reinstalls Windows 10 and keeps your personal files.
    • Removes apps and drivers you installed.
    • Removes changes you made to settings.
    • Removes any apps your PC manufacturer installed. (If your PC came with Windows 10, apps from your PC manufacturer will be reinstalled.)


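The Code Integrity message quoted in post #14 names both the blocked DLL and the process that tried to load it. As an added example (not part of the thread and not output from any tool used in it), this Python script groups such messages by module and labels where each DLL lives; the origin labels are an assumed triage heuristic, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Message layout of the Code Integrity event quoted in post #14.
CI_EVENT = re.compile(
    r"Code Integrity determined that a process \((?P<process>.+?)\) "
    r"attempted to load (?P<module>.+?) that did not meet the "
    r"(?P<level>.+?) signing level requirements"
)
DEVICE = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)


def classify(module):
    """Return (origin, owner) for a blocked module path (assumed heuristic)."""
    parts = DEVICE.sub("", module).strip("\\").split("\\")
    top = parts[0].lower()
    if top in ("program files", "program files (x86)") and len(parts) > 2:
        return "installed-program", parts[1]   # owner = product folder to review
    if top == "windows":
        return "windows", None
    if top in ("users", "programdata"):
        return "user-writable", None           # inspect the file before trusting it
    return "other", None


def summarize(lines):
    """Group blocked loads by module; lines that are not CI events are skipped."""
    groups = defaultdict(lambda: {"count": 0, "processes": set(), "level": None})
    for line in lines:
        m = CI_EVENT.search(line)
        if not m:
            continue
        g = groups[m["module"]]
        g["count"] += 1
        g["processes"].add(m["process"].rsplit("\\", 1)[-1])
        g["level"] = m["level"]
    report = []
    for module, g in groups.items():
        origin, owner = classify(module)
        report.append({"module": module.rsplit("\\", 1)[-1], "origin": origin,
                       "owner": owner, "level": g["level"], "count": g["count"],
                       "processes": sorted(g["processes"])})
    return sorted(report, key=lambda r: (-r["count"], r["module"]))


# First SAMPLE entry is the event from post #14; the rest are constructed.
EDGE = r"\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
TEMPLATE = ("Code Integrity determined that a process ({}) attempted to load {} "
            "that did not meet the Store signing level requirements.")
TORTOISE = r"\Device\HarddiskVolume1\Program Files\TortoiseSVN\bin\TortoiseStub.dll"
SAMPLE = [
    TEMPLATE.format(EDGE + r"\MicrosoftEdgeCP.exe", TORTOISE),
    TEMPLATE.format(EDGE + r"\MicrosoftEdge.exe", TORTOISE),
    TEMPLATE.format(EDGE + r"\MicrosoftEdgeCP.exe",
                    r"\Device\HarddiskVolume1\Users\Example\AppData\Roaming\ExampleApp\hook.dll"),
    "The system needed a reboot.",   # unrelated log line, ignored
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
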

  15. #15
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    I just came across instructions on How To Reinstall Microsoft Edge In Windows 10 and remembered your problems with Microsoft Edge.



  16. #16

    Re: Malware corruption of Microsoft Edge

    I think I got things right again.

    I realized that Edge was launching and running properly from Cortana, but not from the start bar. I unpinned it, launched from Cortana and repinned it and that has solved everything.

    I had previously run the repair instructions for Edge with Aura (another mod here from the Windows support side of things). I appreciate the help. All my scans are coming up clear now and no new funky processes. I think this is good.

  17. #17
    Corrine's Avatar

    Re: Malware corruption of Microsoft Edge

    Excellent! Thank you for letting me know. Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log.


