thebigd

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016 Ran by test (2016-04-28 12:48:00) Running from C:\Users\test\Downloads Windows 10 Home Version 1511 (X64) (2015-12-01 23:06:58) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1154547124-2327209256-1540992038-500 - Administrator - Enabled) => C:\Users\Administrator Daniel (S-1-5-21-1154547124-2327209256-1540992038-1002 - Administrator - Enabled) => C:\Users\Daniel DefaultAccount (S-1-5-21-1154547124-2327209256-1540992038-503 - Limited - Disabled) Guest (S-1-5-21-1154547124-2327209256-1540992038-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1154547124-2327209256-1540992038-1009 - Limited - Enabled) test (S-1-5-21-1154547124-2327209256-1540992038-1011 - Administrator - Enabled) => C:\Users\test ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
„Windows Live Essentials“ (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 16.4.3528.0331 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 16.4.3528.0331 - „Microsoft Corporation“) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1211.2901 - Micro-Star International Co., Ltd.) Corsair M95 Firmware Update Application (HKLM-x32\...\{4E44154D-0699-4D6C-996F-66D47B9A40D2}_is1) (Version: - ) Corsair M95 Gaming Mouse Driver V1.0 (HKLM-x32\...\{9C9EA6B0-2138-4111-BF26-9D0D40D12C0F}_is1) (Version: 1.00.00.14 - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden D4: Dark Dreams Don't Die (HKLM-x32\...\Steam App 358090) (Version: - Access Games) Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) ELAN Touchpad 15.13.1.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.1.1 - ELAN Microelectronic Corp.) 
FOMM 0.14.11.12 (HKLM-x32\...\{072C2AEF-16B2-46B7-BA7F-D0CAA7B4F89F}_is1) (Version: - Prideslayer) Fotoattēlu galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogaléria (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foto-galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerie foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerija fotografija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden KB9X Radio Switch Driver (HKLM\...\B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251) (Version: 1.0.7112.20593 - ENE TECHNOLOGY INC.) KeePass Password Safe 1.30 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.30 - Dominik Reichl) KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) 
Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI) MSI VGA Overclock Tool (HKLM-x32\...\{26C18D1A-CA42-4682-8CBA-98929848278A}) (Version: 12.06.0601 - MSI) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming) 
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.1 - Notepad++ Team) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.437 - Qualcomm Atheros) Qualcomm Atheros Killer Network Manager (Version: 6.1.0.437 - Qualcomm Atheros) Hidden QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) 
SCM (HKLM\...\{FA8AB91A-0B41-4797-9015-9B3FBC7834CC}) (Version: 10.012.09132 - ) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.010 - MSI) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited) Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version: - Core Design) USB GamePad (HKLM-x32\...\{B8CDAD75-96FB-48A5-A2AE-6515DDEB7BFA}) (Version: 3.85 - My Company Name) Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment) Windows Driver Package - Intel (NETwNe64) net (09/12/2012 15.5.4.45) (HKLM\...\A007E57753F87B14A4737DA95057F173950A6A3D) (Version: 09/12/2012 15.5.4.45 - Intel) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Wolfram Extras 10.1 (5292844) (HKLM\...\A-WIN-Extras 10.1.0 5292844_is1) (Version: 10.1.0 - Wolfram Research, Inc.) Wolfram Mathematica 10.1 (M-WIN-L 10.1.0 5292918) (HKLM\...\M-WIN-L 10.1.0 5292918_is1) (Version: 10.1.0 - Wolfram Research, Inc.) 
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 16.4.3528.0331 - Корпорация Майкрософт) Hidden Фотоальбом (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Фотогалерия (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Фотоколекція (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden フォト ギャラリー (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden معرض الصور (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden 사진 갤러리 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden 影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1154547124-2327209256-1540992038-1011_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {28004699-7A08-408C-A640-DD9AA796C826} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {31700F4E-90BE-4F40-A816-D59F49804FF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {3626EF2E-E8B1-47F8-AAAF-5BB10003F6D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {44D7ACB1-DDF1-45AE-BB43-86CE8FC74B6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {4A29F4A8-8282-4002-AEB7-F28D3168FE00} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {704FD003-4791-4D1F-8AF2-1D77D3AD340C} - System32\Tasks\{470C1EDF-11A6-421F-9681-E6DEBAB0ED98} => pcalua.exe -a "D:\Warcraft III\Frozen Throne.exe" -d "D:\Warcraft III" Task: {7472CF23-05E6-4DC6-854B-929156282E34} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {95EB8A2E-44E0-4484-8501-407E877D74D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {AC2606B5-5B7D-4F39-B879-B8D80E06E871} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {ACEF0DD9-5C82-4EFF-8E9A-288A676F7B92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {B7D68DF5-551D-4A1C-A0E4-9871264F6434} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {C4DB10D2-8782-4068-AD13-40FA7F25E9F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {C8F99298-F44E-4688-9F07-03BAE63B25C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {CC2ADB12-4905-446F-BE6D-5DDBC5EF5CEB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {EC69054D-BFF3-41A6-8FEC-9E51698E9AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.) Task: {ECBB511E-57AB-49E4-8E34-AF46876B3A7A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {EEC1B478-E503-4E80-BBE2-C3230853F6D0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {EEDEE7C5-06D1-4B91-95A4-FF8470F162C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {F34074F6-EF17-44F9-80F2-41F793EE4E36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-10-31 18:58 - 2015-10-31 18:58 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-20 03:36 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-17 15:50 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-17 15:50 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-26 20:53 - 2016-04-26 20:53 - 00959176 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll 2015-10-30 11:26 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-20 01:45 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-17 15:48 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-18 16:03 - 2016-04-18 16:03 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-03-29 13:43 - 2016-03-29 13:44 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-03-29 13:43 - 2016-03-29 13:44 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-03-04 10:00 - 2016-03-04 10:00 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-03-01 21:50 - 2016-02-23 02:32 - 03516416 _____ () 
C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlUI.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 06068224 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\a3963b34f3c2705c9a4ec3c65693f26d\Windows.UI.Xaml.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 04276736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\d2b7c683dc1e85d376103d969fcf24f2\Windows.ApplicationModel.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\a55d1aa8413de7ec76aab7958a344629\Windows.Foundation.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 01188864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\495026780e3eeff85a4e2a24198284dc\Windows.Storage.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 01984000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\564d874ace25597626a9aecb0da44971\Windows.UI.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 00302080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\0f0001e0746c2a7fef9c62151dadc1a7\Windows.Globalization.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 00475136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\c06b0147cf63754b64415c76f8813bda\Windows.Data.ni.dll 2016-04-18 21:49 - 2016-04-18 21:49 - 01244672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\fe12241f6ccb1bd96516a0a8160693c1\Windows.Web.ni.dll 2016-03-04 10:00 - 2016-03-04 10:00 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1603.12020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-03-09 17:28 - 2016-03-09 17:28 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2016-04-17 15:49 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-17 15:49 - 2016-04-01 
21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-17 15:49 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-17 15:50 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-26 20:53 - 2016-04-26 20:53 - 00679624 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2016-02-23 15:16 - 2016-02-23 15:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2016-02-26 15:43 - 2016-02-26 15:43 - 21848248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll 2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll 2015-12-18 10:42 - 2015-12-18 10:42 - 50708664 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll 2016-04-17 21:13 - 2016-04-06 05:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll 2016-04-17 21:13 - 2016-04-06 05:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll 2015-10-31 18:58 - 2015-10-31 18:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2016-04-18 16:03 - 2016-04-18 16:03 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 16:03 - 2016-04-18 16:04 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0] AlternateDataStreams: C:\Users\test\Downloads\download.htm:$CmdZnID [26] AlternateDataStreams: C:\Users\test\Downloads\flux-setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\test\Downloads\flux-setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\test\Downloads\gettin+turnt.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\test\Downloads\Souryuu.Asuka.Langley.full.1345484.jpg:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_fd582bb4-caa2-44a4-9743-b0f4e87a94fd => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1154547124-2327209256-1540992038-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\test\Pictures\backgrounds 2\yolo.png DNS Servers: 66.90.139.210 - 66.90.130.10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: Bluetooth Device Monitor => 2 MSCONFIG\Services: Bluetooth OBEX Service => 2 MSCONFIG\Services: CLKMSVC10_38F51D56 => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: GfExperienceService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: igfxCUIService1.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: LMIRescue_fd582bb4-caa2-44a4-9743-b0f4e87a94fd => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: Micro Star SCM => 2 MSCONFIG\Services: MSI_SuperCharger => 2 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: Qualcomm Atheros Killer Service => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: UNS => 2 HKLM\...\StartupApproved\Run: => "BtTray" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run32: => "Corsair Duke" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B3ED3741-AB02-4D5E-BB04-6161C326812C}] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [{1F79558A-297D-4D88-9CC2-0E6839F45567}] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [UDP Query User{66F758FE-9A63-4225-8BE2-5663BFDD5E41}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [TCP Query User{42D60396-36AC-4763-8D50-573CD5A4B313}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [{98F96AF1-C2F4-4C06-9574-3B397C4D440F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BBD77970-42A5-40D5-B4E4-426A2809B588}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F70C4AF5-FE6E-451A-8B86-6B261A95D004}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{91106829-69AB-4783-A280-5B1CBB78CFA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{CF0EEBB4-F20D-4E4A-88C5-56DCCB141BD1}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A91C6B28-0F9C-42AC-8BF7-0DBAC3091079}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exe FirewallRules: [{45157957-BDAA-45A2-A57B-6B427FD27E2F}] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe FirewallRules: [{F12416D9-67AA-4A6D-B40C-F764AA1FC11D}] => (Block) C:\users\daniel\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{394FF65E-7206-4DF4-AB49-F8D74AD61DD7}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => 
(Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [UDP Query User{A8D36390-0392-457F-8608-EDADBDFCA3F9}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [{2DDA23A7-C72C-410D-ABB5-45DA08049633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{BBBBEA81-05EE-4B12-AA04-1CF290043B03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [TCP Query User{9E96A0AD-9F50-4760-BF37-D62B1D53D21A}C:\users\daniel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{168ACE6E-E6E1-4E44-BA72-51C5EE9D8656}C:\users\daniel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{F21AD35A-7251-43AF-8663-365AB0C529D5}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{E0167023-0A9E-47CF-8CE2-8E015EFB04F3}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{56D45A07-31AE-4F26-9D0A-96E9B35D9B24}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{EF272A7F-69E9-4FF2-8797-058D9E2E345D}] => (Block) C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{7C6477DE-A6BC-4BF3-9A45-7D52BB3618D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{CB6C58C8-4D86-4891-9BBD-1419762F6896}] 
=> (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{DF4ECA05-4AA2-4061-A5DC-AD6974E3FD80}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [UDP Query User{7FB6FCB8-4015-42BC-95AF-BB6D7669D0A3}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [{6E1F33D1-C18A-495B-9BF6-B30D567E7AA9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe FirewallRules: [{06C14525-B281-4A94-B948-4B3BDDAED9D9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe FirewallRules: [{0242F370-1309-45A4-9F63-9D479E717928}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe FirewallRules: [{5913F5E1-5BCA-4C69-8194-C2DA5E5C1BC4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe FirewallRules: [{3086FA70-2D3D-48CF-987F-9109244FB550}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe FirewallRules: [{D5F47950-7DE9-45C6-B847-1D21AFF5283F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe FirewallRules: [{4706504C-7F41-4D3E-898B-14B5B06B7D4C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe FirewallRules: [{5F7F689D-16A9-4E4A-BFAB-FAD7895A64D1}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe FirewallRules: [TCP Query User{2CC922B2-D6D1-4BFB-95D0-7E7D4F0EB5F0}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe FirewallRules: [UDP Query User{EF8B1405-6616-40E5-BC99-60F45387ED70}C:\program files 
(x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe FirewallRules: [{D1A58F79-06B0-4496-8E4E-8A70AC8D9132}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe FirewallRules: [{43641F06-7152-4608-AC77-3653B7E91976}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe FirewallRules: [{B82F64E6-0C20-451C-8A60-8C9FACE5B124}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe FirewallRules: [{56A625AE-89B9-4D24-8495-6D79FDBD20FE}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe FirewallRules: [{C6D5CB13-66A5-4484-9936-23F3302FD20E}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{CE19EBD6-4C20-498C-BAB2-E9D8D3C2F978}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{0752C1BD-C2A2-4586-84D4-6860DE4C0FE0}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{D675960A-A299-42B9-B475-C31D50B46BBF}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe FirewallRules: [{BD6B1239-07DE-4F2D-AC91-5BDDFD47280C}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe FirewallRules: [{306156BF-C856-43A4-A88A-A34FD9CC45FF}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe FirewallRules: [{5104163D-A35B-4C40-98E2-54DF3290D5F0}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe FirewallRules: [{D3347CF6-35EC-4E56-876D-8BB3CD7C9AAD}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe FirewallRules: [TCP Query User{EB2746F5-8FDC-4CC8-9E90-556C420A4C60}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe FirewallRules: [UDP Query User{E6DCA928-BA27-4F55-A08D-55ED2136DD0E}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe FirewallRules: [{7FF3B549-3BCF-4A34-96D1-82EE6B9E4BC8}] => (Allow) C:\Program Files (x86)\Diablo II\Diablo 
II.exe FirewallRules: [{746635A2-D716-4C51-A7DC-DAA42A56A1C0}] => (Allow) C:\Program Files (x86)\Diablo II\Diablo II.exe FirewallRules: [{5A58A1F1-85AE-4683-9748-93E37A55F2F2}] => (Allow) C:\Program Files (x86)\Diablo II\Diablo II.exe FirewallRules: [{AA44DA63-BB24-4511-BBD0-DAC0C5191CDA}] => (Allow) C:\Program Files (x86)\Diablo II\Diablo II.exe FirewallRules: [TCP Query User{56DCD428-A5BE-4B78-BCF8-7D39C0FF6CA6}D:\warcraft iii\war3.exe] => (Allow) D:\warcraft iii\war3.exe FirewallRules: [UDP Query User{B6592081-2080-4A0E-962C-FEE8C68AFC5D}D:\warcraft iii\war3.exe] => (Allow) D:\warcraft iii\war3.exe FirewallRules: [TCP Query User{D9CEAD75-6B6E-4D68-9A56-9D50F315FF12}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [UDP Query User{87B47559-2678-4D47-87AC-4FF233CE5F7B}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [{1D692EF3-41CC-4956-BB46-539185D53E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\D4 Dark Dreams Don't Die\D4.exe FirewallRules: [{537C49DE-47A4-4919-9737-AF190B4DB402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\D4 Dark Dreams Don't Die\D4.exe FirewallRules: [{EAE991AB-CA6E-415A-A2E2-2D3FF0A6D09A}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{724E6E62-2E9E-4277-9715-8F5167C7110C}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4E13777A-15EA-4123-AC5F-DAAA0E456616}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6CE439A3-93C0-4E9D-8BE5-176FA8F7C697}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1E74D34A-6AD1-4A27-9500-1677DD9727B8}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2DACD018-137E-4296-912D-4A1729222F35}] => (Allow) 
C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{0C2E795E-8F1D-44C9-ADFF-4B4D84D97941}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [UDP Query User{98AC7884-CFB4-415C-8386-B00E36DFD7F9}C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [{4F539D89-B3B6-4170-A8A7-E1F2238AE062}] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [{2B96F171-FD87-4CAE-9BA7-54ECFF1D03A7}] => (Block) C:\users\daniel\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [{EBCC3EAF-A851-44ED-8323-9387C2BFE343}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe FirewallRules: [{0007FCFA-1F71-4778-88D6-36AC851FBFED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe FirewallRules: [{C31650FC-6257-4B91-B30C-97016303715D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 12-04-2016 18:36:27 Windows Update 16-04-2016 22:46:09 Removed NVIDIA PhysX 17-04-2016 00:18:04 Restore Operation 17-04-2016 15:53:14 Post- system restore. computer stable 4/17/2016 18-04-2016 16:40:58 Stable point - before windows updates / nvidia updates. 
20-04-2016 04:10:12 Pre-Attempt #2 to update nVidia
23-04-2016 20:22:24 post-fan cleaning
23-04-2016 20:35:18 post fan clean
26-04-2016 13:59:05 pre-attempt #2 to install nvidia drivers/geforce stuff
27-04-2016 12:20:21 post moving over to other user profile - test - pre delete dani

==================== Faulty Device Manager Devices =============

Name: Microsoft Basic Display Adapter
Description: Microsoft Basic Display Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2016 08:41:01 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume OS_Install (C:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (04/27/2016 09:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 04:43:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 04:43:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel) Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/27/2016 04:35:09 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/27/2016 01:05:34 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program pcsx2-r5875.exe because of this error. Program: pcsx2-r5875.exe File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: 00000000 Disk type: 0 Error: (04/27/2016 01:05:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcsx2-r5875.exe, version: 0.0.0.0, time stamp: 0x52ef990f Faulting module name: gsdx32-avx2-r5875.dll, version: 1.0.1.9, time stamp: 0x53a1e601 Exception code: 0xc000001d Fault offset: 0x000010c9 Faulting process id: 0x17d0 Faulting application start time: 0xpcsx2-r5875.exe0 Faulting application path: pcsx2-r5875.exe1 Faulting module path: pcsx2-r5875.exe2 Report Id: pcsx2-r5875.exe3 Faulting package full name: pcsx2-r5875.exe4 Faulting package-relative application ID: pcsx2-r5875.exe5 Error: (04/27/2016 12:59:49 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program pcsx2-r5875.exe because of this error. Program: pcsx2-r5875.exe File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. 
If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 Error: (04/27/2016 12:59:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcsx2-r5875.exe, version: 0.0.0.0, time stamp: 0x52ef990f Faulting module name: gsdx32-avx2-r5875.dll, version: 1.0.1.9, time stamp: 0x53a1e601 Exception code: 0xc000001d Fault offset: 0x000010c9 Faulting process id: 0xd2c Faulting application start time: 0xpcsx2-r5875.exe0 Faulting application path: pcsx2-r5875.exe1 Faulting module path: pcsx2-r5875.exe2 Report Id: pcsx2-r5875.exe3 Faulting package full name: pcsx2-r5875.exe4 Faulting package-relative application ID: pcsx2-r5875.exe5 Error: (04/27/2016 12:53:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Daniel) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
System errors: ============= Error: (04/28/2016 12:57:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/27/2016 10:57:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (04/27/2016 10:57:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (04/27/2016 10:57:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/27/2016 10:56:59 PM) (Source: DCOM) (EventID: 10005) (User: Daniel) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (04/27/2016 10:56:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/27/2016 10:56:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/27/2016 10:56:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (04/27/2016 10:56:53 PM) (Source: DCOM) (EventID: 10005) (User: Daniel) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (04/27/2016 10:56:53 PM) (Source: DCOM) (EventID: 10005) (User: Daniel) Description: 
1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} CodeIntegrity: =================================== Date: 2016-04-23 23:32:18.284 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-23 20:18:15.810 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-21 22:40:03.861 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-20 16:33:39.964 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-20 04:42:59.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-20 04:11:55.062 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-18 17:00:28.652 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-04-18 16:02:09.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 11:30:27.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 23:57:01.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 16275.58 MB
Available physical RAM: 10947.79 MB
Total Virtual: 18707.58 MB
Available Virtual: 12251.15 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:676.09 GB) (Free:169.44 GB) NTFS
Drive d: (The Big ) (Fixed) (Total:698.51 GB) (Free:678.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 8A440388)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
  2. Hi Malwarebytes, Sadly I am back again. After downloading and running "Display Driver Uninstaller" I started getting a lot of BSOD error messages like: Video_Dxgkrnl_fatal_error, Driver_power_state_failure, Video_TDR_failure, and kmode_exception_not_handled. So far I have been told that all of these are hardware related or related to updating drivers, so I am not worried. But what I am worried about is the following: I tried to sign in to YouTube last night and received the following error message: "We are sorry, but you do not have access to this service. Please contact your domain administrator for access" I had never got this message before so I quickly changed my Gmail password, and attempted to sign in again, and it worked... so I believe that someone else had access to this account. So I am currently in the process of changing all my passwords that are stored in KeyPass (a password safe and password generator). Aside from this, I want to see if I have fully resolved the problem by running a full system scan in safe mode which detected:

RiskWare.ExtensionMismatch, C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-1154547124-2327209256-1540992038-1002\ReadOnly\LockScreen_A\LockScreen___1280_0720.jpg, Quarantined, [8053694aa3f60a2c31f73d2bdf228878],

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by test (administrator) on DANIEL (28-04-2016 12:47:15)
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available Profiles: Daniel & test & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe (Microsoft Corporation) C:\Windows\SystemApps\ContactSupport_cw5n1h2txyewy\ContactSupport.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1603.12020.0_x64__8wekyb3d8bbwe\Time.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2015-08-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2012-09-13] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2012-09-13] (MSI) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-12-07] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 
2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-31] (cyberlink) HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [89088 2012-06-06] () HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [Corsair Duke] => C:\Program Files (x86)\Corsair\M95 Mouse\M95Hid.exe [1771520 2013-08-15] (Corsair Components Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-10-31] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-10-31] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 66.90.139.210 66.90.130.10 Tcpip\..\Interfaces\{0b39125a-fef7-4126-a3b9-04cb8ceadb2c}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1 Tcpip\..\Interfaces\{fb0926c0-af00-47b2-819f-764df132f7d4}: [DhcpNameServer] 66.90.139.210 66.90.130.10 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-20] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation) 
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-20] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5292844\npmathplugin.dll [2015-03-24] (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (Adblock Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-28]
CHR Extension: (Google Sheets) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-08-07] (ELAN Microelectronics Corp.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-22] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
S4 LMIRescue_fd582bb4-caa2-44a4-9743-b0f4e87a94fd; C:\Users\Daniel\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3306336 2016-04-20] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2012-09-13] (Micro-Star International Co., Ltd.) [File not signed]
S4 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-09-25] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2012-09-25] (Qualcomm Atheros, Inc.)
R3 DUKEMS; C:\Windows\system32\drivers\DUKEMS.sys [25600 2012-08-16] ( )
R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [164720 2012-09-25] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
U5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [448312 2012-12-07] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

C:\WINDOWS\system32\mtxoci.dll 2016-04-17 15:48 - 2016-03-29 02:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-04-17 15:48 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2016-04-17 15:48 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2016-04-17 15:48 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-04-17 15:48 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll 2016-04-17 15:48 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-04-17 15:48 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll 2016-04-17 15:48 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2016-04-17 15:48 - 2016-03-29 02:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys 2016-04-17 15:48 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-04-17 15:48 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll 2016-04-17 15:48 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-04-17 15:48 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2016-04-17 15:48 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll 2016-04-17 15:48 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2016-04-17 15:48 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll 2016-04-17 15:48 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2016-04-17 15:48 
- 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-04-17 15:48 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2016-04-17 15:48 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2016-04-17 15:48 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll 2016-04-17 15:48 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-04-17 15:48 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-04-17 15:48 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2016-04-17 15:48 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-17 15:48 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll 2016-04-17 15:48 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll 2016-04-17 15:48 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll 2016-04-17 15:48 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2016-04-17 15:48 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2016-04-17 15:48 - 2016-03-29 02:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-04-17 15:48 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-04-17 15:48 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-17 15:48 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll 2016-04-17 15:48 - 2016-03-29 02:09 - 
00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-04-17 15:48 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2016-04-17 15:48 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-04-17 15:48 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-04-17 15:48 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-17 15:48 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2016-04-17 15:48 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll 2016-04-17 15:48 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll 2016-04-17 15:48 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-04-17 15:48 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-04-17 15:48 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll 2016-04-17 15:48 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-04-17 15:48 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2016-04-17 15:48 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll 2016-04-17 15:48 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2016-04-17 15:48 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-04-17 15:48 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll 2016-04-17 15:48 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\fveui.dll 2016-04-17 15:48 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-17 15:48 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2016-04-17 15:48 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2016-04-17 15:48 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2016-04-17 15:48 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-04-17 15:48 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2016-04-17 15:48 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-04-17 15:48 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-04-17 15:48 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2016-04-17 15:48 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-04-17 15:48 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-04-17 15:48 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-04-17 15:48 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-04-17 15:48 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-04-17 15:48 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-04-17 15:48 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-04-17 15:48 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-04-17 15:48 - 
2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll 2016-04-17 15:48 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2016-04-17 15:48 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2016-04-17 15:48 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-04-17 15:48 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-04-17 15:48 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-04-17 15:48 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-17 15:20 - 2016-04-17 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-04-17 15:20 - 2016-04-17 15:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2016-04-16 23:53 - 2016-04-17 16:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA Corporation 2016-04-16 23:52 - 2016-04-16 23:52 - 00000000 ____D C:\ProgramData\NVIDIA 2016-04-16 22:45 - 2016-04-17 00:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-04-14 22:12 - 2016-04-17 17:02 - 00000000 ____D C:\Users\Daniel\Desktop\minidump 2016-04-14 18:04 - 2016-04-14 18:04 - 00003078 _____ C:\Users\test\Downloads\Load Order Help.txt 2016-04-12 13:58 - 2016-04-12 13:58 - 00000000 ____D C:\Users\test\Documents\Diablo II 2016-04-05 18:29 - 2016-04-05 18:31 - 120421344 _____ (Oracle Corporation) C:\Users\test\Downloads\VirtualBox-5.0.16-105871-Win.exe 2016-04-05 13:30 - 2016-04-05 13:30 - 00000000 ____D C:\Users\test\Documents\Dolphin Emulator ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-04-28 12:13 - 2015-04-29 00:36 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-28 11:28 - 2015-05-12 21:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-27 23:13 - 2015-04-29 00:36 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-27 23:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-27 22:57 - 2015-12-01 17:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-27 22:57 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2016-04-27 22:57 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI 2016-04-27 22:55 - 2015-12-01 17:37 - 00000000 ____D C:\Users\Administrator 2016-04-27 16:42 - 2015-10-31 17:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-04-27 16:39 - 2015-12-27 13:41 - 00000000 ____D C:\WINDOWS\Minidump 2016-04-27 16:39 - 2015-04-20 00:41 - 852341661 _____ C:\WINDOWS\MEMORY.DMP 2016-04-27 16:17 - 2015-12-01 17:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-04-27 15:47 - 2015-06-24 18:46 - 00000000 ____D C:\ProgramData\Oracle 2016-04-27 15:47 - 2015-06-24 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-27 15:47 - 2015-06-24 18:46 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-27 15:46 - 2015-09-05 21:48 - 00000000 ____D C:\Users\test\.oracle_jre_usage 2016-04-27 15:46 - 2015-06-24 18:46 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-04-27 14:08 - 2015-08-20 18:39 - 00000000 ____D C:\Program Files (x86)\Diablo II 2016-04-27 13:58 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF 2016-04-27 13:58 - 2015-08-06 14:54 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-27 13:35 - 2015-06-02 13:36 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Rescue Applet 2016-04-27 13:06 - 2015-06-05 05:31 - 00000000 __RDO C:\Users\Daniel\OneDrive 2016-04-27 11:00 - 2015-10-22 18:53 - 
00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0FCEC00C-4559-4719-B6C4-0430AFB02495} 2016-04-27 00:28 - 2015-07-13 22:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent 2016-04-26 23:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-26 22:36 - 2015-12-01 17:37 - 00000000 ____D C:\Users\Daniel 2016-04-26 21:13 - 2015-09-15 20:57 - 00000000 ____D C:\Users\test\3D Objects 2016-04-26 21:08 - 2012-11-22 02:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2016-04-26 20:48 - 2013-04-23 07:50 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-26 19:27 - 2015-08-30 22:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi 2016-04-26 12:47 - 2015-04-20 01:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2016-04-24 14:28 - 2015-08-12 21:00 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mumble 2016-04-23 20:14 - 2015-04-21 02:26 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-22 22:33 - 2015-08-06 15:04 - 00002380 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-22 02:57 - 2015-04-29 00:23 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-04-21 23:29 - 2015-12-16 14:33 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2016-04-21 23:29 - 2015-08-20 19:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Battle.net 2016-04-21 23:28 - 2015-08-20 19:07 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-20 21:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache 2016-04-20 19:09 - 2015-08-06 15:07 - 00000000 ____D C:\Users\Daniel\AppData\Local\MicrosoftEdge 2016-04-20 17:57 - 2015-12-29 15:44 - 00000000 ____D C:\Users\Daniel\Desktop\Everything 2016-04-20 17:33 - 2014-08-05 14:54 - 00000000 ____D C:\Users\Daniel\Desktop\Games 2016-04-20 15:42 - 2014-06-15 01:40 - 00000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles 2016-04-20 04:02 - 2016-03-04 11:55 - 00000000 ___RD 
C:\Users\test\Documents\Scanned Documents 2016-04-20 03:49 - 2015-04-20 07:05 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI 2016-04-19 02:20 - 2015-08-20 18:51 - 00019910 _____ C:\WINDOWS\DIIUnin.dat 2016-04-18 20:30 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-04-18 20:29 - 2015-04-20 03:36 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-04-18 16:59 - 2015-12-01 17:28 - 04897376 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-18 16:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-04-18 16:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-04-18 16:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-04-18 16:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-04-17 21:13 - 2015-04-29 00:37 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-17 18:29 - 2016-02-24 12:17 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2016-04-17 18:03 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\Nui 2016-04-17 18:03 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-04-17 18:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\L2Schemas 2016-04-17 18:02 - 2015-12-01 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\NV 2016-04-17 18:02 - 2015-12-01 17:34 - 00000000 ____D C:\WINDOWS\system32\NV 2016-04-17 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-04-17 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-04-17 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\System 2016-04-17 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help 2016-04-17 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Globalization 2016-04-17 18:02 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-04-17 18:02 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\servicing 2016-04-17 18:02 - 2015-04-20 04:38 - 00000000 ____D 
C:\Users\Daniel\AppData\Roaming\vlc 2016-04-17 18:01 - 2015-10-31 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-04-17 18:01 - 2015-08-20 19:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Battle.net 2016-04-17 18:01 - 2015-04-20 03:52 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass 2016-04-17 18:01 - 2015-04-20 01:05 - 00000000 ____D C:\Users\Daniel\AppData\Local\Micro-Star_International_ 2016-04-17 18:01 - 2012-12-07 08:55 - 00000000 ___HD C:\SuperChargerProfile 2016-04-17 17:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration 2016-04-17 17:46 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SystemResources 2016-04-17 17:41 - 2015-12-01 17:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-04-17 17:41 - 2015-08-20 19:07 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-04-17 17:40 - 2015-12-01 17:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-04-17 17:40 - 2015-05-04 19:05 - 00000000 __RHD C:\MSOCache 2016-04-17 16:41 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-17 16:39 - 2015-04-22 23:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-17 16:34 - 2015-04-22 23:10 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-17 15:21 - 2015-10-31 17:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA 2016-04-17 00:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-17 00:07 - 2015-04-20 01:59 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics 2016-04-16 23:22 - 2015-04-20 04:01 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps 2016-04-12 13:53 - 2014-04-21 19:26 - 00000000 ____D C:\Users\test\.VirtualBox 2016-04-09 22:28 - 2014-04-21 21:27 - 00000000 ____D C:\Users\test\VirtualBox VMs 2016-04-09 12:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-05 18:59 - 2015-08-20 19:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Blizzard Entertainment 2016-03-31 19:34 - 2015-05-12 21:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware ==================== Files in the root of some directories ======= 2005-03-21 14:41 - 2005-03-21 14:41 - 0012793 _____ () C:\Program Files\How To Install.html 2005-02-25 15:37 - 2005-02-25 15:37 - 0157035 _____ () C:\Program Files\LegalNotices.pdf 2005-02-22 14:31 - 2005-02-22 14:31 - 0142049 _____ () C:\Program Files\Photoshop At A Glance.pdf 2005-02-22 14:32 - 2005-02-22 14:32 - 2723276 _____ () C:\Program Files\Photoshop New Features.pdf 2005-02-23 12:24 - 2005-02-23 12:24 - 0002773 _____ () C:\Program Files\Read Me First.html Some files in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Daniel\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Daniel\AppData\Local\Temp\Nexus Mod Manager-0.61.5.exe Some zero byte size files/folders: ========================== C:\Windows\System32\Drivers\btmhsf.sys ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-19 18:02 ==================== End of FRST.txt ============================
  3. Whenever I plug headphones into my computer the audio drowns out. But when the same audio is played through the laptop speakers it is clear. I have determined that it's definitely a software and not a hardware problem because I tried with 3 different types of headphones, and the result remained the same each time.
  4. Computer is running slowly. I try to run programs with my dedicated NVIDIA graphics card and I receive the error message: "You are not currently using a display attached to an NVIDIA GPU". So my dedicated graphics card isn't running. I troubleshot my computer using the Windows troubleshooter in Control Panel, and some of the devices are also not running properly: Bluetooth audio device has a driver problem. Virtual bluetooth support (include audio) has a driver problem. Bluetooth LWFLT Device has a driver problem. So I may or may not still be infected. Furthermore, I found two files on my desktop that I didn't put there: Media Player Center, and Messaging Center. They were described as: "Provides users in Korea with information about third party media player software" and "Provides users in Korea with information about third party instant messaging software".
  5. So I was successful in installing all updates to my system. I'm now running Windows 8.1.
  6. So I was successful in updating my system. I installed many updates for Windows 8. But now my system is running Windows 8.1 and there are more updates for 8.1 that I haven't installed yet. So once I download those, I'll be ready for your help.
  7. Alright, I am working on doing the downloads manually. I am also looking at getting Microsoft's tech support to help me out with the problem.
  8. Also my computer seems to be running slowly and at times my trackpad is unresponsive. But we should probably fix one thing at a time.
  9. After using the fixit tool, I was able to install the updates. But when I restarted my computer in order to configure the updates, this failed and my pc had to re-configure the system to a time before the update. WindowsUpdate.log
  10. Here's a log file of Windows update. Maybe it could shed some light on the problem: WindowsUpdate.log
  11. So I tried this fix. But it didn't work. Windows update currently says the following: Downloading updates... Downloading 29 updates (0 KB total, 0% complete) I don't know what I should do at this point or where I should proceed? Any suggestions?
  12. So I enabled Windows Update, and tried to install all x / 20 updates. However, it hung on 4/20 and I had to shut down the computer. In the meantime, I have been reading stuff like this: http://www.techygeekshome.co.uk/2015/04/windows-updates-stuck-on-shut-down-or.html Don't know if it is helpful or not. I have not tried to do anything to my system that you guys haven't told me. Thanks again, Daniel
  13. So I was able to complete the disk check but was given this message at the end of the process: How should I proceed?
  14. It's definitely Windows 8. Wait, but I disabled Windows Update in services.msc. Should I re-enable it?