# Bad Image



## firegolfer212 (Aug 28, 2017)

I keep getting this error message when I try to open select files. I've tried Malwarebytes, running windows fix, And running a scan in the CMD and none of them have worked. I would appreciate any ideas on how to solve this. I'm currently running Windows 10.


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy

Sorry for the lateness in a reply, these forums can be very busy. Are you still having this problem? If so, can you do the following and we'll go from there:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will produce a log called *FRST.txt* in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Thanks

eddie


----------



## firegolfer212 (Aug 28, 2017)

Ok here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Jesse (administrator) on JESSE-PC (11-10-2017 07:44:21)
Running from C:\Users\Jesse\Downloads
Loaded Profiles: Jesse (Available Profiles: Jesse)
Platform: Windows 10 Home Version 1703 170317-1834 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Program Files (x86)\TotalAV\SecurityService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Logitech) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.35\opera.exe
() C:\Program Files (x86)\TotalAV\TotalAV.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-10] (Logitech Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2125944 2017-09-12] (Logitech, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{16275439-f250-4fea-a924-9c35f6762590}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{726b071a-b227-412c-bd20-ce64e550b603}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Slides) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-26]
CHR Extension: (Google Docs) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-26]
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-26]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Google Sheets) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-28]
CHR Extension: (Total AV Web Shield) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [441696 2017-08-11] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-10-14] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-09-29] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-09-29] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2016-09-29] (Logitech Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-11] (Malwarebytes)
S3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2015-12-11] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26744 2017-06-21] (Windows (R) Win 7 DDK provider)
S3 Said2215; C:\WINDOWS\System32\drivers\Said2215.sys [25280 2014-03-06] (Saitek)
S3 Saida215; C:\WINDOWS\System32\drivers\Saida215.sys [25280 2014-03-06] (Saitek)
S3 SaiG2215; C:\WINDOWS\System32\drivers\SaiG2215.sys [179904 2014-03-06] (Saitek)
S3 SaiGa215; C:\WINDOWS\System32\drivers\SaiGa215.sys [179904 2014-03-06] (Saitek)
S3 SaiK2215; C:\WINDOWS\System32\drivers\SaiK2215.sys [179904 2014-03-06] (Saitek)
S3 SaiKa215; C:\WINDOWS\System32\drivers\SaiKa215.sys [179904 2014-03-06] (Saitek)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 vhidmini; C:\WINDOWS\System32\drivers\vjoy.sys [15104 2012-10-15] (Headsoft)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 07:44 - 2017-10-11 07:44 - 000010927 _____ C:\Users\Jesse\Downloads\FRST.txt
2017-10-11 07:44 - 2017-10-11 07:44 - 000000000 ____D C:\FRST
2017-10-11 07:41 - 2017-10-11 07:41 - 002401792 _____ (Farbar) C:\Users\Jesse\Downloads\FRST64.exe
2017-10-11 07:40 - 2017-10-11 07:40 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 07:23 - 2017-10-11 07:23 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-08 07:59 - 2017-10-08 07:59 - 000663868 _____ C:\WINDOWS\Minidump\100817-6281-01.dmp
2017-10-06 12:50 - 2017-10-06 12:50 - 000736108 _____ C:\WINDOWS\Minidump\100617-5968-01.dmp
2017-09-28 18:35 - 2017-09-18 19:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-28 18:35 - 2017-09-18 19:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-09-28 18:35 - 2017-09-18 19:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-09-28 18:35 - 2017-09-18 19:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-09-28 18:35 - 2017-09-18 19:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-09-28 18:35 - 2017-09-18 19:17 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-28 18:35 - 2017-09-18 19:17 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-28 18:35 - 2017-09-18 19:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-28 18:35 - 2017-09-18 19:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-09-28 18:35 - 2017-09-18 19:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-09-28 18:35 - 2017-09-18 18:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-09-28 18:35 - 2017-09-18 18:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-09-28 18:35 - 2017-09-18 18:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-09-28 18:35 - 2017-09-18 18:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-09-28 18:35 - 2017-09-18 18:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-09-28 18:35 - 2017-09-18 18:18 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-28 18:35 - 2017-09-18 18:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-09-24 14:43 - 2017-10-08 07:59 - 1186147999 _____ C:\WINDOWS\MEMORY.DMP
2017-09-24 14:43 - 2017-09-24 14:43 - 000696596 _____ C:\WINDOWS\Minidump\092417-5000-01.dmp
2017-09-22 19:43 - 2017-09-22 19:43 - 000000000 ____D C:\Program Files\Logitech
2017-09-22 17:58 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-22 17:58 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-22 17:58 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-22 17:58 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-22 17:58 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-22 17:58 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-22 17:58 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-22 17:58 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-22 17:58 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-22 17:58 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-22 17:58 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-22 17:58 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-22 17:58 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-22 17:58 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-22 17:58 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-22 17:58 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-22 17:58 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-22 17:58 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-22 17:58 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-22 17:58 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-22 17:58 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-22 17:58 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-22 17:58 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-22 17:58 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-22 17:58 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-22 17:58 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-22 17:58 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-22 17:58 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-22 17:58 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-22 17:58 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-22 17:58 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-22 17:58 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-22 17:58 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-22 17:58 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-22 17:58 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-22 17:58 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-22 17:58 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-22 17:58 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-22 17:58 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-22 17:58 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-22 17:58 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-22 17:58 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-22 17:58 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-22 17:58 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-22 17:58 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-22 17:58 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-22 17:58 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-22 17:58 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-22 17:58 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-22 17:58 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-22 17:58 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-22 17:58 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-22 17:58 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-22 17:58 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-22 17:58 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-22 17:58 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-22 17:58 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-22 17:58 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-22 17:58 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-22 17:58 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-22 17:58 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-22 17:58 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-22 17:58 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-22 17:58 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-22 17:58 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-22 17:58 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-22 17:58 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-22 17:58 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-22 17:58 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-22 17:58 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-22 17:58 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-22 17:58 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-22 17:58 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-22 17:58 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-22 17:58 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-22 17:58 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-22 17:58 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-22 17:58 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-22 17:58 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-22 17:58 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-22 17:58 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-22 17:58 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-22 17:58 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-22 17:58 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-22 17:58 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-22 17:58 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-22 17:58 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-22 17:58 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-22 17:58 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-22 17:58 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-22 17:58 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-22 17:58 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-22 17:58 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-22 17:58 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-22 17:58 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-22 17:58 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-22 17:58 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-22 17:58 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-22 17:58 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-22 17:58 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-22 17:58 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-22 17:58 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-22 17:58 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-22 17:58 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-22 17:58 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-22 17:58 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-22 17:58 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-22 17:58 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-22 17:58 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-22 17:58 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-22 17:58 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-22 17:58 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-22 17:58 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-22 17:58 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-22 17:58 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-22 17:58 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-22 17:58 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-22 17:58 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-22 17:58 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-22 17:58 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-22 17:58 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-22 17:58 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-22 17:58 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-22 17:58 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-22 17:58 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-22 17:58 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-22 17:58 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-22 17:58 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-22 17:58 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-22 17:58 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-22 17:58 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-22 17:58 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-22 17:58 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-22 17:58 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-22 17:58 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-22 17:58 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-22 17:58 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-22 17:58 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-22 17:58 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-22 17:58 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-22 17:58 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-22 17:58 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-22 17:58 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-22 17:58 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-22 17:58 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-22 17:58 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-22 17:58 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-22 17:58 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-22 17:58 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-22 17:58 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-22 17:58 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-22 17:58 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-22 17:58 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-22 17:58 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-22 17:58 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-22 17:58 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-22 17:58 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-22 17:58 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-22 17:58 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-22 17:58 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-22 17:58 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-22 17:58 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-22 17:57 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-22 17:57 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-22 17:57 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-22 17:57 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-22 17:57 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-22 17:57 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-22 17:57 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-22 17:57 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-22 17:57 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-22 17:57 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-22 17:57 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-22 17:57 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-22 17:57 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-22 17:57 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-22 17:57 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-22 17:57 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-22 17:57 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-22 17:57 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-22 17:57 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-22 17:57 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-22 17:57 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-22 17:57 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-22 17:57 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-22 17:57 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-22 17:57 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-22 17:57 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-22 17:57 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-22 17:57 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-22 17:57 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-22 17:57 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-22 17:57 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-22 17:57 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-22 17:57 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-22 17:57 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-22 17:57 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-22 17:57 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-22 17:57 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-22 17:57 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-22 17:57 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-22 17:57 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 07:43 - 2017-08-21 16:34 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 07:43 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 07:41 - 2017-08-21 13:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 07:40 - 2017-08-21 16:31 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-11 07:40 - 2017-08-21 13:39 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-11 07:38 - 2017-08-21 13:30 - 000000000 ____D C:\ProgramData\LogiShrd
2017-10-11 07:32 - 2017-08-21 12:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-11 07:23 - 2017-08-28 13:52 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-08 21:32 - 2017-08-21 13:40 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-08 21:32 - 2017-08-21 12:42 - 000000000 ____D C:\Users\Jesse
2017-10-08 19:07 - 2017-08-21 12:47 - 001608530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-08 07:59 - 2017-08-24 19:18 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-08 07:59 - 2017-08-21 12:51 - 000000000 ____D C:\Program Files\Opera
2017-10-08 07:59 - 2017-08-21 12:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-06 13:02 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\rescache
2017-10-06 12:55 - 2017-08-21 12:55 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1503334509
2017-10-06 12:55 - 2017-08-21 12:55 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-10-05 07:20 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\INF
2017-09-28 22:22 - 2017-08-21 16:30 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-28 18:36 - 2017-08-28 14:29 - 000000000 ____D C:\Users\Jesse\AppData\Local\ElevatedDiagnostics
2017-09-25 16:26 - 2017-08-24 20:19 - 000000000 ____D C:\Program Files\Rockstar Games
2017-09-25 16:26 - 2017-08-24 20:19 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-09-23 15:37 - 2015-12-18 14:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-23 15:36 - 2017-08-21 12:40 - 000217888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-22 23:27 - 2017-08-21 16:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-22 19:43 - 2017-08-21 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-09-22 19:43 - 2017-08-21 13:11 - 000000000 ____D C:\Program Files (x86)\TotalAV
2017-09-22 18:02 - 2017-08-21 12:46 - 000000000 ____D C:\Users\Jesse\AppData\Local\Publishers
2017-09-22 17:35 - 2017-08-21 12:49 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1506985641-429325667-4285346549-1000
2017-09-22 17:35 - 2017-08-21 12:48 - 000002363 _____ C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 17:35 - 2015-10-29 14:41 - 000000000 ___RD C:\Users\Jesse\OneDrive
2017-09-22 17:31 - 2017-08-26 15:07 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Some files in TEMP:
====================
2017-09-12 14:37 - 2017-09-12 14:37 - 000552568 _____ (Logitech) C:\Users\Jesse\AppData\Local\Temp\LDeviceInstaller.exe
2017-09-22 19:43 - 2017-07-11 19:12 - 000058304 _____ (Logitech Inc.) C:\Users\Jesse\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
2017-09-22 19:43 - 2017-07-11 19:19 - 000261384 _____ (Logitech Inc.) C:\Users\Jesse\AppData\Local\Temp\LogiOptionsUninstaller.exe
2017-09-12 14:39 - 2017-09-12 14:39 - 004238456 _____ (Logitech, Inc.) C:\Users\Jesse\AppData\Local\Temp\PlugInInstallerUtility.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-11 07:29

==================== End of FRST.txt ============================


----------



## firegolfer212 (Aug 28, 2017)

And here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Jesse (11-10-2017 07:44:54)
Running from C:\Users\Jesse\Downloads
Windows 10 Home Version 1703 170317-1834 (X64) (2017-08-21 16:45:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1506985641-429325667-4285346549-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1506985641-429325667-4285346549-503 - Limited - Disabled)
Guest (S-1-5-21-1506985641-429325667-4285346549-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1506985641-429325667-4285346549-1002 - Limited - Enabled)
Jesse (S-1-5-21-1506985641-429325667-4285346549-1000 - Administrator - Enabled) => C:\Users\Jesse

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Total AV (Enabled - Up to date) {AB73D7DB-EEDE-3CBB-CC36-E31145532EB0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Total AV (Enabled - Up to date) {1012363F-C8E4-3335-F686-D8633ED4640D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aces High III (HKLM\...\Steam App 651090) (Version: - HiTech Creations)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.108 - Logitech Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1506985641-429325667-4285346549-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NaturalPoint USB Drivers x64 (HKLM\...\{533773B8-9AC1-4C0F-A2BF-57466A45C6F5}) (Version: 2.70.0000 - NaturalPoint)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
Opera Stable 48.0.2685.35 (HKLM-x32\...\Opera 48.0.2685.35) (Version: 48.0.2685.35 - Opera Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.2.0 - Rockstar Games)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
TotalAV (HKLM-x32\...\TotalAV) (Version: 1.34.8 - TotalAV)
TrackIR 5 (HKLM-x32\...\{6984ac4b-af1a-46af-bb10-ca1d3b7d4aba}) (Version: 5.4.2.0000 - NaturalPoint)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20E1F6C6-14FF-48EE-A373-01A763FA3183} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)
Task: {234EC97E-C5DE-4816-951B-E3DFBAA5F8E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)
Task: {614E7A64-2766-4786-B2E1-F74DA4F5EEAF} - System32\Tasks\Opera scheduled Autoupdate 1503334509 => C:\Program Files\Opera\launcher.exe [2017-10-02] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-08-21 13:11 - 2017-08-11 06:45 - 000441696 _____ () C:\Program Files (x86)\TotalAV\SecurityService.exe
2017-08-28 13:52 - 2017-10-11 07:23 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-22 19:40 - 2017-08-22 19:41 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 19:40 - 2017-08-22 19:41 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 19:40 - 2017-08-22 19:41 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 19:40 - 2017-08-22 19:41 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-07-10 18:35 - 2017-07-10 18:35 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-07-10 18:35 - 2017-07-10 18:35 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-09-12 14:01 - 2017-09-12 14:01 - 000077824 _____ () C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2017-09-12 14:01 - 2017-09-12 14:01 - 000144896 _____ () C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2017-10-06 12:55 - 2017-10-02 05:20 - 091433560 _____ () C:\Program Files\Opera\48.0.2685.35\opera_browser.dll
2017-10-06 12:55 - 2017-10-02 05:20 - 004197464 _____ () C:\Program Files\Opera\48.0.2685.35\libglesv2.dll
2017-10-06 12:55 - 2017-10-02 05:20 - 000101464 _____ () C:\Program Files\Opera\48.0.2685.35\libegl.dll
2017-08-21 13:11 - 2017-08-11 06:45 - 002675040 _____ () C:\Program Files (x86)\TotalAV\TotalAV.exe
2017-08-21 13:11 - 2017-08-11 06:43 - 000075264 _____ () C:\Program Files (x86)\TotalAV\SCAPI.dll
2017-08-21 13:11 - 2017-08-11 06:43 - 000010240 _____ () C:\Program Files (x86)\TotalAV\lib_SCAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-21 16:35 - 2017-08-21 16:33 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1506985641-429325667-4285346549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesse\Downloads\22243925_10155357598603884_717946589_o.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1506985641-429325667-4285346549-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1506985641-429325667-4285346549-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A21DC5EB-C3B4-40F4-89D3-A1C91D7AF3A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A8935DB-3AC9-48B5-AE7B-BA1BC98A2346}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{41583779-9FBC-42BC-A98D-CF66A091E99B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{567B88FD-BB09-4A32-9959-29827B40C86B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B984097E-DC4C-42E5-9D2C-735B6D2A6762}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EC235B5-D02F-4D2B-B5ED-FF83C28A08D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D96E02A4-FA92-4635-B7C2-B3E067F53F5C}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{81E4F7BA-A988-4DE3-B996-DB7906981479}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{DF7D9265-BDD2-4381-BA39-5542280EDBD5}] => (Allow) E:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{48E49E89-1D53-4127-87BD-A6BBE4E9918F}] => (Allow) E:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{28A4D281-2E2E-45A9-BCA9-D82786D9075A}] => (Allow) E:\Games\Steam\steamapps\common\Perfect Golf\Perfect Golf.exe
FirewallRules: [{98F9751C-2880-47A7-A599-C2D11AF66834}] => (Allow) E:\Games\Steam\steamapps\common\Perfect Golf\Perfect Golf.exe
FirewallRules: [{E6E46C4A-B18A-440F-B32A-42EC5990767B}] => (Allow) E:\Games\Steam\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [{6A139617-06E5-411C-B9D8-2E5A0B5126D8}] => (Allow) E:\Games\Steam\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [{C253303B-284D-4CC4-87E6-00E3125C28B7}] => (Allow) E:\Games\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{42EA4A62-40EF-4B18-AC95-79BD6992B89F}] => (Allow) E:\Games\Steam\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{57F3415D-BE0D-4353-AB9D-97F5C0C4A5E3}] => (Allow) E:\Games\Steam\steamapps\common\DCSWorld\Run.exe
FirewallRules: [{9351B683-5A38-482D-8F1E-B0ACF538AAFC}] => (Allow) E:\Games\Steam\steamapps\common\DCSWorld\Run.exe
FirewallRules: [TCP Query User{48F438D1-8813-4137-A6F5-62E47DF957F9}E:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{62CE1BA5-4905-4A5F-8EAF-ABB6083618B6}E:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{4CB17210-02D9-4797-A02D-6713B9B62564}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{41A43E7B-BFAD-4915-B173-AB70454B1CF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4CA3DF17-3B7D-47A0-980A-E32D2FA03A4A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94CF916D-8321-4D76-A085-9735584DCCBF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC3A8F8E-3BB5-469E-BE66-0D48BDCE8D76}] => (Allow) C:\Program Files\Opera\47.0.2631.71\opera.exe
FirewallRules: [{2839F7DF-4C2D-4591-9099-B646A4D5E888}] => (Allow) E:\Games\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{924860E0-3F14-42A2-AF08-1EDA914B85EC}] => (Allow) E:\Games\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{DAF60CCD-0347-47E2-8BDC-6F58485F8F14}] => (Allow) E:\Games\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{73C04F7E-7E1E-459A-B889-1B50BB4DF027}] => (Allow) E:\Games\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{F61FD5F0-99EA-48F6-AD44-F3C9137AF96E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{612DEC7A-52FA-4465-A3E4-527C3062EDF1}] => (Allow) E:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B4CBAAD1-65B2-43D4-A4CA-BCE1B030C07D}] => (Allow) E:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6CC51A3C-3750-454B-8673-EFC34FD529E1}] => (Allow) E:\Games\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{E4E9F627-BFBD-4B0A-80CF-AE5D36F9EF27}] => (Allow) E:\Games\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{884A52E1-92E3-4C94-B10C-F9EB79165C72}] => (Allow) E:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{C2964FB8-B027-4192-AF4B-5878B4DB7EF3}] => (Allow) E:\Games\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{0D95A930-069C-4E13-A4EE-C92A66510936}] => (Allow) E:\Games\Steam\steamapps\common\SimplePlanes\SimplePlanes.exe
FirewallRules: [{51EF1EFD-C1C1-4511-82D1-A9CCD78282FA}] => (Allow) E:\Games\Steam\steamapps\common\SimplePlanes\SimplePlanes.exe
FirewallRules: [{9D4D83BC-1591-4D8F-9813-2714783EF554}] => (Allow) E:\Games\Steam\steamapps\common\Animation Throwdown The Quest for Cards\animationthrowdown.exe
FirewallRules: [{8D7D62CF-B65B-4E3E-B1B5-41923E02502E}] => (Allow) E:\Games\Steam\steamapps\common\Animation Throwdown The Quest for Cards\animationthrowdown.exe
FirewallRules: [{D91CB41F-6FC8-4670-A136-A17F75480E03}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [{22EF690F-D87C-4C2A-BC25-44002B975826}] => (Allow) E:\Games\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{3F69DB39-66A3-4E33-83DE-9F3DE0280BE5}] => (Allow) E:\Games\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{B25B1C1B-38BA-43AB-975F-FB7040E984AC}] => (Allow) C:\Program Files\Opera\48.0.2685.35\opera.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2017 07:41:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/11/2017 07:40:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000068
Disk type: 0

Error: (10/11/2017 07:40:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: qmgr.dll, version: 7.8.15063.0, time stamp: 0x49ab11e0
Exception code: 0xc000001d
Fault offset: 0x00000000000093a0
Faulting process id: 0x474
Faulting application start time: 0x01d34285be4dc306
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report Id: 96b27c78-1d71-45a3-b52a-139fcd45254d
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 07:23:59 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000068
Disk type: 0

Error: (10/11/2017 07:23:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: qmgr.dll, version: 7.8.15063.0, time stamp: 0x49ab11e0
Exception code: 0xc000001d
Fault offset: 0x00000000000093a0
Faulting process id: 0xbc
Faulting application start time: 0x01d342836efaf550
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report Id: 83cfb12f-b17b-4301-a8da-5965917c8631
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 07:21:59 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000068
Disk type: 0

Error: (10/11/2017 07:21:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: qmgr.dll, version: 7.8.15063.0, time stamp: 0x49ab11e0
Exception code: 0xc000001d
Fault offset: 0x00000000000093a0
Faulting process id: 0x1e7c
Faulting application start time: 0x01d34283275ac297
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report Id: fba7c3fb-1ca3-4410-8d4a-ced3291071b4
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/11/2017 07:20:58 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000068
Disk type: 0

Error: (10/11/2017 07:20:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: qmgr.dll, version: 7.8.15063.0, time stamp: 0x49ab11e0
Exception code: 0xc000001d
Fault offset: 0x00000000000093a0
Faulting process id: 0x20e8
Faulting application start time: 0x01d3428302f2449d
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report Id: 964f2855-5604-4428-9787-aa9151ab0641
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/06/2017 12:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppXSvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: CRYPT32.dll, version: 10.0.15063.296, time stamp: 0x27f585b8
Exception code: 0xc0000005
Fault offset: 0x00000000000677be
Faulting process id: 0xd28
Faulting application start time: 0x01d33dcbff79749d
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\CRYPT32.dll
Report Id: 21608f2b-513e-489b-ac7e-818387dd231c
Faulting package full name: 
Faulting package-relative application ID:

System errors:
=============
Error: (10/11/2017 07:42:31 AM) (Source: DCOM) (EventID: 10010) (User: JESSE-PC)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (10/11/2017 07:40:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 4 time(s).

Error: (10/11/2017 07:32:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2017 07:32:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2017 07:23:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).

Error: (10/11/2017 07:22:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (10/11/2017 07:21:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/11/2017 07:20:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/08/2017 08:37:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/08/2017 08:37:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

CodeIntegrity:
===================================
Date: 2017-10-06 12:48:27.009
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-06 12:48:26.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16340.88 MB
Available physical RAM: 12455.23 MB
Total Virtual: 18772.88 MB
Available Virtual: 14636.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:43.84 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.63 GB) (Free:10.44 GB) NTFS
Drive k: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:320.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2DEA9591)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7390EE14)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs 

I can't see any malware in there, but the screenshot you posted looks like its for TrackIR 5, and you have it installed, as its showing in Programs and Features

This is what it is:

https://www.naturalpoint.com/trackir/trackir5/

Have you tried resinstalling the software for this, if it has any? Also, looking at the System Specs, it may not be compatible with Windows 10, as it mentions Vista which is an old system.

System Requirements
•Requires TrackIR 3 Series hardware or newer
•Windows Vista or newer
•60 megabytes of free hard disk space

Did it work before on this computer?

Thanks

Alex


----------



## firegolfer212 (Aug 28, 2017)

I've never had Vista on this PC and I've been using TrackIR for a couple years with no problems. I've tried uninstalling and reinstalling it several times. Someone mentioned I might have an issue with my hard drive going bad. Is there a way to check that for sure?


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, come down with a lousy cold that is doing the rounds here. Still not on top form 

The reason I mentioned Vista, is that is the specs for the software, and wasn't sure if you recently upgraded to Windows 10, and it wasn't compatable.

It could be a dying drive, is there anything else havin problems? Or, it could be that the file dpapi.dll is corrupt.

So, lets see what versions etc you have on your pc:


You should still have *FRST64.exe* in your *Downloads* folder. If not please download it *HERE*.
Right click *FRST64.exe* and select *Run as administrator*.
Copy and paste the following into the *Search* box:



> *dpapi.dll



Click *Search Files*. The scan can take 10 minutes or more to complete.
You will get a popup telling you when the search has completed. Click *OK*.
This will open a file *Search.txt*. Please copy and paste the contents in your reply.
*Search.txt* can also be found in the same folder FRST was run from.


----------



## firegolfer212 (Aug 28, 2017)

Ok here is that search

Farbar Recovery Scan Tool (x64) Version: 18-10-2017
Ran by Jesse (18-10-2017 12:21:20)
Running from C:\Users\Jesse\Downloads
Boot Mode: Normal

================== Search Files: "*dpapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-upnpssdp_31bf3856ad364e35_10.0.15063.0_none_9b31f6773e67c518\ssdpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000048640 _____ (Microsoft Corporation) CB62C55065BD5894DBBA8A675B809BCE [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.15063.0_none_934cdf997fae0a60\dpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000013312 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_10.0.15063.0_none_90dd4c250a07031d\ssdpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000057856 _____ (Microsoft Corporation) 132DDF269E95CD965F046506B1E10E70 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.15063.0_none_88f835474b4d4865\dpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000015872 _____ (Microsoft Corporation) 9587AEC9E9B038EB8548B0B1390943E3 [File is digitally signed]

C:\Windows\syswow64\dpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000013312 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\syswow64\ssdpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000048640 _____ (Microsoft Corporation) CB62C55065BD5894DBBA8A675B809BCE [File is digitally signed]

C:\Windows\System32\dpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000015872 _____ (Microsoft Corporation) 9587AEC9E9B038EB8548B0B1390943E3 [File is digitally signed]

C:\Windows\System32\ssdpapi.dll
[2017-03-18 16:58][2017-03-18 16:58] 000057856 _____ (Microsoft Corporation) 132DDF269E95CD965F046506B1E10E70 [File is digitally signed]

====== End of Search ======


----------



## eddie5659 (Mar 19, 2001)

Get rid of my cold (nearly) and have people staying so trying to log on when I can.

Looks like none are showing as zero file which is what I was looking for, so we can see if re-registering the actual dll file will help.

In Windows, click in the Search box above the Windows icon, and type *Command Prompt*, right-click on the Command Prompt, and select *Run as Administrator*.

*Now, lets try using the default commands. If you get an error stating its not an executable file for this file type, let me know and I'll amend the commands*

So, in the Command Prompt, type the following:



> regsvr32 C:\Windows\System32\dpapi.dll


And press Enter.


----------



## firegolfer212 (Aug 28, 2017)

Okay I typed that in the command prompt and it returned with "\dpapi.dll is not recognized as an internal or external command, operable program or batch file."


----------



## eddie5659 (Mar 19, 2001)

Finally have the house to myself, so can reply anytime I can 

Okay, it may be your enviroment variable that is messed up. Can you do this for me:

Right click the *My Computer* icon then choose *Properties*. Select the *Advanced System Settings* from the left and then click *Environment Variables*.

In there, in the bottom window, click on *Path* and then *Edit*










Then, you get this window:










Could you grab a screenshot of what you can see on the Edit button, as above?


----------



## firegolfer212 (Aug 28, 2017)

Okay here's what I got.


----------



## eddie5659 (Mar 19, 2001)

Nuts, never got the email saying I had a reply 

Looking at the picture you posted, what happens when you click on the actual Path? It looks like the above is from looking at ComSpec. So, click on Path, and then Edit, to grab the screenie:


----------



## firegolfer212 (Aug 28, 2017)

Okay here is what you want I think


----------



## eddie5659 (Mar 19, 2001)

Hmm, that looks okay. What I'm going to do, as there is no malware on there, least none that I can spot, is move this to the general forums.

In the malware forums, only certain people can reply, but in the other areas, all can reply, so someone may be able to spot it.

Plus, been a bit slow at replying lately, so don't want you left dangling


----------

