Malwarebytes AntiMalware will install but will not run


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


Thank you very much for helping me with this issue.

Step 01:

I have run rkill, but it found nothing to stop.

Step 02:

The backup was successfully created with ERDNT.

Step 03:

Malwarebytes would not run, so I went through the Free Version Clean Removal process and reinstalled the newest version provided by the link.  Unfortunately, Malwarebytes would still not run.  Since I had to reboot during the clean removal process I tried running rkill again (which again found nothing to kill), but afterward Malwarebytes still does not run.  When I attempt to run it, the mouse pointer changes to the spinning circle for a few seconds, and then reverts to normal.  No windows are opened and no other indicators it was executed occur.

rkill.exe log:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/08/2016 07:52:17 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/08/2016 07:53:16 AM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)


  • Root Admin

Okay, let me have you run these steps then. Skip any steps that won't run or hang and let me know if it had an issue running.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Completed steps 04 - 07, logs appended:

 

JRT.TXT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by presence (Administrator) on Wed 06/08/2016 at 15:03:40.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/08/2016 at 15:05:00.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 15:19:03
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : presence - FALCHION
# Running from : C:\Users\presence\Desktop\Malware Tools\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1075 bytes] - [29/04/2016 15:46:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [1483 bytes] - [06/06/2016 16:21:46]
C:\AdwCleaner\AdwCleaner[C3].txt - [1695 bytes] - [06/06/2016 21:48:32]
C:\AdwCleaner\AdwCleaner[C4].txt - [1610 bytes] - [06/06/2016 22:54:06]
C:\AdwCleaner\AdwCleaner[C5].txt - [1755 bytes] - [06/06/2016 23:59:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [902 bytes] - [29/04/2016 15:45:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [894 bytes] - [29/04/2016 15:51:37]
C:\AdwCleaner\AdwCleaner[S3].txt - [992 bytes] - [25/05/2016 14:17:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [1303 bytes] - [06/06/2016 16:20:18]
C:\AdwCleaner\AdwCleaner[S5].txt - [1515 bytes] - [06/06/2016 21:47:23]
C:\AdwCleaner\AdwCleaner[S6].txt - [1442 bytes] - [06/06/2016 22:52:34]
C:\AdwCleaner\AdwCleaner[S7].txt - [1587 bytes] - [06/06/2016 23:57:31]
C:\AdwCleaner\AdwCleaner[S8].txt - [1510 bytes] - [08/06/2016 15:19:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1583 bytes] ##########

ESET.TXT:

C:\Users\presence\Downloads\ccsetup518.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016
Ran by presence (administrator) on FALCHION (08-06-2016 16:57:22)
Running from C:\Users\presence\Desktop\Malware Tools
Loaded Profiles: presence (Available Profiles: presence)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3075552 2015-04-29] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2016-02-19] (Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [606144 2016-06-02] (NVIDIA Corporation)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [Pidgin] => C:\Program Files (x86)\Pidgin\pidgin.exe [58680 2016-01-01] (The Pidgin developer community)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [Steam] => d:\Games\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3978304 2016-06-08] (GOG.com)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{bdee8c78-1837-404e-bff4-a2d3aa07eb75}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{f32a4242-4910-4228-a7ff-150d7f68a4ad}: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001 -> DefaultScope {07287802-41A3-4515-BE43-6DDF62B9A9FA} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: FlashGot - C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-17]
FF Extension: uBlock Origin - C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-02]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (Google Docs) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (uBlock Origin) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-02]
CHR Extension: (Google Search) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (PwdHash port) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfmcfhnhnpoehjoommondmlmhdoonca [2016-05-31]
CHR Extension: (Google Sheets) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Authy Chrome Extension) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2016-02-28]
CHR Extension: (Authy) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2016-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [604280 2016-01-25] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-03-02] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [245312 2016-06-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-08] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-07-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-01-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38240 2016-02-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-27] (REALiX(tm))
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152360 2015-06-16] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [257776 2015-07-13] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6723856 2016-01-21] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 15:22 - 2016-06-08 15:22 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-08 12:44 - 2016-06-02 21:28 - 00111552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-06-08 12:42 - 2016-06-03 01:22 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 31641656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 25404864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 21812056 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 21355464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 18151128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 17746664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 17432544 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 08733792 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 02844608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 02470336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00983488 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00910392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00787384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00632848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00565208 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00379808 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00316632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-08 10:57 - 2016-06-08 10:57 - 03009040 _____ C:\Users\presence\Downloads\The-Octopi-of-the-Ninth-World-2016-06-06_57584e87e0260.pdf
2016-06-08 09:31 - 2016-06-08 16:56 - 00000000 ____D C:\Users\presence\Desktop\Malware Tools
2016-06-08 07:50 - 2016-06-08 07:50 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-08 07:50 - 2016-06-08 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-08 07:50 - 2016-06-08 07:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-08 07:50 - 2016-06-08 07:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-08 07:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-08 07:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-08 07:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-08 07:49 - 2016-06-08 07:49 - 00000000 ___HD C:\OneDriveTemp
2016-06-08 07:46 - 2016-06-08 07:46 - 00000000 ____D C:\Windows\ERDNT
2016-06-08 07:45 - 2016-06-08 07:45 - 00000999 _____ C:\Users\presence\Desktop\NTREGOPT.lnk
2016-06-08 07:45 - 2016-06-08 07:45 - 00000980 _____ C:\Users\presence\Desktop\ERUNT.lnk
2016-06-08 07:45 - 2016-06-08 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-06-08 07:45 - 2016-06-08 07:45 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-06-06 23:45 - 2016-06-06 23:46 - 00345118 _____ C:\Windows\ntbtlog.txt
2016-06-06 23:11 - 2016-06-06 23:31 - 00035328 _____ C:\Users\presence\Desktop\CheckResults.txt
2016-06-06 23:10 - 2016-06-06 23:10 - 00003410 _____ C:\Windows\System32\Tasks\WRUStartup
2016-06-06 23:10 - 2016-06-06 23:10 - 00003392 _____ C:\Windows\System32\Tasks\WRU
2016-06-06 23:10 - 2016-06-06 23:10 - 00002085 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\Program Files\Intel Corporation
2016-06-06 23:09 - 2016-06-06 23:09 - 00000000 ____D C:\Users\presence\AppData\Local\Intel WiDi
2016-06-06 23:07 - 2016-06-06 23:09 - 128610456 _____ (Intel Corporation) C:\Users\presence\Downloads\Setup.exe
2016-06-06 22:36 - 2016-06-06 22:36 - 00099978 _____ C:\Users\presence\Documents\cc_20160606_223643.reg
2016-06-06 22:31 - 2016-06-06 22:31 - 06893008 _____ (Piriform Ltd) C:\Users\presence\Downloads\ccsetup518.exe
2016-06-06 22:31 - 2016-06-06 22:31 - 00002862 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-06 22:31 - 2016-06-06 22:31 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-06 22:31 - 2016-06-06 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-06 22:31 - 2016-06-06 22:31 - 00000000 ____D C:\Program Files\CCleaner
2016-06-06 16:19 - 2016-06-06 16:19 - 00281526 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_16.19.01_log.txt
2016-06-03 15:21 - 2016-06-03 15:21 - 00000000 ____D C:\Windows\system32\RTCOM
2016-06-03 15:21 - 2016-06-03 15:21 - 00000000 ____D C:\Program Files\Waves
2016-06-03 15:20 - 2016-06-08 12:43 - 00000000 ____D C:\Windows\LastGood
2016-06-03 15:19 - 2016-02-05 09:53 - 72203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2016-06-03 15:19 - 2016-02-05 09:53 - 13120760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 12986520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 12014448 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 05611370 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-06-03 15:19 - 2016-02-05 09:53 - 03700360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2016-06-03 15:19 - 2016-02-05 09:53 - 03282032 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 03198720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02894968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-06-03 15:19 - 2016-02-05 09:53 - 02823280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02037504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01743632 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01421104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01356504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01211832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00914024 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00768824 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00642928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00577840 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00203560 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00164432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00074608 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00069928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2016-06-03 11:25 - 2016-06-03 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 11:18 - 2016-06-03 11:18 - 140619040 _____ (GOG.com ) C:\Users\presence\Downloads\setup_galaxy_1.1.10.47.exe
2016-06-03 10:53 - 2016-06-03 10:53 - 02249592 _____ C:\Users\presence\Downloads\Lighter Dungeon.rar
2016-06-03 10:44 - 2016-06-03 10:44 - 00000208 _____ C:\Users\presence\Desktop\Satellite Reign.url
2016-05-31 12:09 - 2016-05-31 12:09 - 00152227 _____ C:\Users\presence\Desktop\alienvault-ss.zip
2016-05-31 11:56 - 2016-05-31 11:57 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-05-31 11:56 - 2016-05-20 02:03 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-31 11:56 - 2016-05-20 02:03 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-31 11:56 - 2016-05-20 02:03 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-31 11:56 - 2016-05-20 02:03 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-31 09:48 - 2016-05-31 09:48 - 00000218 _____ C:\Users\presence\AppData\Local\recently-used.xbel
2016-05-28 00:21 - 2016-05-28 00:25 - 00000000 ____D C:\Users\presence\Desktop\OSSIM
2016-05-28 00:19 - 2016-05-28 00:21 - 654311424 _____ C:\Users\presence\Downloads\AlienVault_OSSIM_64bits_5.2.4.iso
2016-05-27 20:56 - 2016-05-27 20:56 - 00000848 _____ C:\Users\presence\Downloads\switch.cfg
2016-05-27 20:56 - 2016-05-27 20:56 - 00000000 ____D C:\Users\presence\Downloads\1800-Software-PA-PB0310
2016-05-27 20:55 - 2016-05-27 20:55 - 00706634 _____ C:\Users\presence\Downloads\1800-Software-PA-PB0310.zip
2016-05-27 01:30 - 2016-05-27 01:32 - 00000600 _____ C:\Users\presence\AppData\Local\PUTTY.RND
2016-05-27 01:26 - 2016-05-27 01:26 - 02078720 _____ C:\Users\presence\Downloads\putty-0.67-installer.msi
2016-05-27 01:26 - 2016-05-27 01:26 - 00000964 _____ C:\Users\Public\Desktop\PuTTY.lnk
2016-05-27 01:26 - 2016-05-27 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2016-05-27 01:26 - 2016-05-27 01:26 - 00000000 ____D C:\Program Files (x86)\PuTTY
2016-05-26 22:35 - 2015-07-10 21:21 - 00000000 ____D C:\Users\presence\Downloads\RemoteBox-2.0
2016-05-26 22:34 - 2016-04-17 22:13 - 03328000 _____ C:\Users\presence\Downloads\RemoteBox-2.0.tar
2016-05-26 22:33 - 2016-04-17 22:20 - 00001252 _____ C:\Users\presence\Desktop\Remotebox.lnk
2016-05-25 23:27 - 2016-04-29 16:05 - 00452288 ____R C:\Windows\system32\Drivers\etc\hosts.20160525-232746.backup
2016-05-25 21:59 - 2016-06-08 15:05 - 00000558 _____ C:\Users\presence\Desktop\JRT.txt
2016-05-25 21:55 - 2016-05-25 21:56 - 00288760 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_21.55.46_log.txt
2016-05-25 21:29 - 2016-06-08 07:53 - 00001998 _____ C:\Users\presence\Desktop\Rkill.txt
2016-05-25 14:33 - 2016-06-08 16:57 - 00000000 ____D C:\FRST
2016-05-25 14:33 - 2016-05-25 14:35 - 00062790 _____ C:\Users\presence\Downloads\Addition.txt
2016-05-25 13:48 - 2016-05-25 13:48 - 00001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-05-25 13:48 - 2016-05-25 13:48 - 00001575 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-05-25 13:48 - 2016-05-25 13:48 - 00000000 ____D C:\Users\presence\AppData\Roaming\Wireshark
2016-05-25 13:41 - 2016-05-25 13:41 - 16127164 _____ C:\Users\presence\Downloads\SysinternalsSuite.zip
2016-05-25 13:41 - 2016-05-25 13:41 - 00000000 ____D C:\Users\presence\Desktop\SysinternalsSuite
2016-05-24 23:34 - 2016-05-24 23:40 - 104016465 _____ C:\Users\presence\Downloads\Power Stone (U)(KALISTO).7z
2016-05-24 23:31 - 2016-05-24 23:31 - 02097152 _____ C:\Users\presence\Downloads\dc_bios.bin
2016-05-24 23:31 - 2016-05-24 23:31 - 00131072 _____ C:\Users\presence\Downloads\dc_flash.bin
2016-05-24 23:30 - 2016-05-24 23:30 - 05101131 _____ C:\Users\presence\Downloads\dreamcast-bios.zip
2016-05-23 20:37 - 2016-05-23 20:38 - 26839780 _____ C:\Users\presence\Downloads\MAMEBIOS.rar
2016-05-23 15:16 - 2016-05-23 15:16 - 00143360 _____ C:\Users\presence\Downloads\BIG.U.po
2016-05-23 15:05 - 2016-05-23 15:05 - 08314188 _____ C:\Users\presence\Downloads\Retropie_intro_Émulation_Station_Retroarch_Mario_Luigi.mp4
2016-05-23 15:05 - 2016-05-23 15:05 - 00767269 _____ C:\Users\presence\Downloads\Retropie_intro_Émulation_Station_Retroarch_Mario_Luigi.webm
2016-05-20 16:01 - 2015-07-31 23:26 - 2832813813 _____ C:\Users\presence\Desktop\MAME_0.149_ROMs.zip
2016-05-20 15:38 - 2016-05-20 15:38 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk
2016-05-20 01:24 - 2016-05-20 01:24 - 00016384 _____ C:\Users\presence\Downloads\gba_bios.bin
2016-05-19 18:47 - 2016-05-19 18:47 - 00000000 ____D C:\IN1503_LitePort_DFP-100_Upgrade
2016-05-19 18:41 - 2016-05-19 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InFocus
2016-05-19 18:41 - 2016-05-19 18:41 - 00000000 ____D C:\Program Files\InFocus
2016-05-19 18:41 - 2008-12-31 01:11 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1000.dll
2016-05-19 16:50 - 2016-05-19 16:50 - 00016313 _____ C:\Users\presence\Downloads\resume.pdf
2016-05-16 21:44 - 2016-05-16 21:44 - 00001450 _____ C:\Users\presence\Documents\irssi.key
2016-05-15 12:00 - 2016-05-15 12:00 - 00001917 _____ C:\Users\presence\Desktop\github.cer
2016-05-15 09:51 - 2016-05-15 09:51 - 12855198 _____ C:\Users\presence\Downloads\AVR-3808CI-OM-E_404A.pdf
2016-05-14 22:44 - 2016-05-09 22:05 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-14 22:44 - 2016-05-09 22:05 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-14 22:41 - 2016-04-13 23:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-14 22:41 - 2016-04-13 23:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-14 21:28 - 2016-05-14 21:28 - 00002048 _____ C:\Users\presence\Downloads\grom.bin
2016-05-14 21:27 - 2016-05-14 21:27 - 00008192 _____ C:\Users\presence\Downloads\exec.bin
2016-05-14 19:28 - 2016-05-14 19:28 - 00001138 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2016-05-14 19:28 - 2016-05-14 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2016-05-14 19:28 - 2016-05-14 19:28 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2016-05-14 19:26 - 2016-05-14 19:27 - 12290974 _____ (ImageWriter Developers ) C:\Users\presence\Downloads\Win32DiskImager-0.9.5-install.exe
2016-05-14 19:26 - 2016-04-14 11:11 - 2800000000 _____ C:\Users\presence\Downloads\retropie-v3.7-rpi2.img
2016-05-14 19:07 - 2016-05-14 19:10 - 948546304 _____ C:\Users\presence\Downloads\retropie-v3.7-rpi2_rpi3.img.gz
2016-05-14 17:23 - 2016-05-14 17:23 - 00000208 _____ C:\Users\presence\Desktop\FTL Faster Than Light.url
2016-05-14 17:22 - 2016-05-14 17:23 - 197569383 _____ C:\Users\presence\Downloads\FTL.1.5.13.tar.gz
2016-05-14 17:22 - 2016-05-14 17:23 - 189232271 _____ (Subset Games ) C:\Users\presence\Downloads\FTL_v1.5.13_Install.exe
2016-05-13 16:52 - 2016-05-13 16:52 - 00000000 ____D C:\Users\presence\Downloads\mbam-chameleon-3.1.33.0
2016-05-11 06:35 - 2016-04-30 00:31 - 03591168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-05-11 06:35 - 2016-04-23 00:12 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 00713920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-05-11 06:35 - 2016-04-23 00:12 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-11 06:35 - 2016-04-22 23:28 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 06:35 - 2016-04-22 23:28 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:35 - 2016-04-22 23:24 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:35 - 2016-04-22 23:24 - 01819208 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:35 - 2016-04-22 23:10 - 03673424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:35 - 2016-04-22 23:10 - 02919832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 05240960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-11 06:35 - 2016-04-22 23:08 - 06605504 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-05-11 06:35 - 2016-04-22 23:08 - 04515256 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-11 06:35 - 2016-04-22 23:01 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:35 - 2016-04-22 22:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-05-11 06:35 - 2016-04-22 22:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-05-11 06:35 - 2016-04-22 22:31 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 06:35 - 2016-04-22 22:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-05-11 06:35 - 2016-04-22 22:30 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-05-11 06:35 - 2016-04-22 22:30 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-05-11 06:35 - 2016-04-22 22:29 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-05-11 06:35 - 2016-04-22 22:28 - 16984576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-05-11 06:35 - 2016-04-22 22:26 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-05-11 06:35 - 2016-04-22 22:26 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-05-11 06:35 - 2016-04-22 22:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-05-11 06:35 - 2016-04-22 22:23 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-05-11 06:35 - 2016-04-22 22:22 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-05-11 06:35 - 2016-04-22 22:22 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 18676224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 24604672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-05-11 06:35 - 2016-04-22 22:16 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-05-11 06:35 - 2016-04-22 22:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 13383168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-05-11 06:35 - 2016-04-22 22:13 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-05-11 06:35 - 2016-04-22 22:13 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-05-11 06:35 - 2016-04-22 22:10 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:35 - 2016-04-22 22:09 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:35 - 2016-04-22 22:09 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-05-11 06:35 - 2016-04-22 22:08 - 05324288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 06:35 - 2016-04-22 22:08 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-05-11 06:35 - 2016-04-22 22:07 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-05-11 06:35 - 2016-04-22 22:07 - 02598912 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-05-11 06:35 - 2016-04-22 22:06 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 05502976 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-05-11 06:35 - 2016-04-22 22:04 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 02000896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-05-11 06:35 - 2016-04-22 22:00 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-05-11 06:34 - 2016-05-05 22:53 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdport.sys
2016-05-11 06:34 - 2016-05-05 22:05 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-05-11 06:34 - 2016-05-05 22:03 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-05-11 06:34 - 2016-05-05 21:53 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-05-11 06:34 - 2016-05-05 21:49 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2016-05-11 06:34 - 2016-05-05 21:44 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-05-11 06:34 - 2016-05-05 21:43 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-05-11 06:34 - 2016-05-05 21:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-05-11 06:34 - 2016-04-30 00:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-05-11 06:34 - 2016-04-23 00:12 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-11 06:34 - 2016-04-23 00:12 - 00294592 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-11 06:34 - 2016-04-23 00:12 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-11 06:34 - 2016-04-22 23:26 - 00707608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 00638816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-05-11 06:34 - 2016-04-22 23:24 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-05-11 06:34 - 2016-04-22 23:24 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-05-11 06:34 - 2016-04-22 23:22 - 01161120 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:34 - 2016-04-22 23:18 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-11 06:34 - 2016-04-22 23:13 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-05-11 06:34 - 2016-04-22 23:13 - 00306832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2016-05-11 06:34 - 2016-04-22 23:13 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00451928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00413536 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-05-11 06:34 - 2016-04-22 23:11 - 01092464 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00696672 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00390496 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufxsynopsys.sys
2016-05-11 06:34 - 2016-04-22 23:11 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-05-11 06:34 - 2016-04-22 23:10 - 00330072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-05-11 06:34 - 2016-04-22 23:09 - 00569744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-05-11 06:34 - 2016-04-22 23:09 - 00565600 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-05-11 06:34 - 2016-04-22 23:08 - 00725776 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 01848072 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 01536088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 00204048 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-05-11 06:34 - 2016-04-22 23:06 - 00291360 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2016-05-11 06:34 - 2016-04-22 23:02 - 00188256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00650304 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00619296 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00577368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-05-11 06:34 - 2016-04-22 23:01 - 00522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00513368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 06:34 - 2016-04-22 23:01 - 00217440 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01776768 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01594920 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01522152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01372304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00550656 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00453472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00058208 _____ (Microsoft Corporation) C:\Windows\system32\dwminit.dll
2016-05-11 06:34 - 2016-04-22 22:56 - 00534872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-05-11 06:34 - 2016-04-22 22:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-05-11 06:34 - 2016-04-22 22:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-05-11 06:34 - 2016-04-22 22:34 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2016-05-11 06:34 - 2016-04-22 22:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2016-05-11 06:34 - 2016-04-22 22:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ByteCodeGenerator.exe
2016-05-11 06:34 - 2016-04-22 22:32 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-05-11 06:34 - 2016-04-22 22:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 06:34 - 2016-04-22 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-05-11 06:34 - 2016-04-22 22:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filecrypt.sys
2016-05-11 06:34 - 2016-04-22 22:29 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-05-11 06:34 - 2016-04-22 22:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
2016-05-11 06:34 - 2016-04-22 22:29 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-05-11 06:34 - 2016-04-22 22:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-05-11 06:34 - 2016-04-22 22:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2016-05-11 06:34 - 2016-04-22 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-05-11 06:34 - 2016-04-22 22:23 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\BrowserSettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-05-11 06:34 - 2016-04-22 22:22 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-05-11 06:34 - 2016-04-22 22:21 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:34 - 2016-04-22 22:21 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00484352 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 06:34 - 2016-04-22 22:19 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2016-05-11 06:34 - 2016-04-22 22:19 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-05-11 06:34 - 2016-04-22 22:18 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-05-11 06:34 - 2016-04-22 22:18 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-05-11 06:34 - 2016-04-22 22:17 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00388608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2016-05-11 06:34 - 2016-04-22 22:16 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-05-11 06:34 - 2016-04-22 22:12 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:10 - 00639488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-05-11 06:34 - 2016-04-22 22:07 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:34 - 2016-04-22 22:07 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-05-11 06:34 - 2016-04-22 22:04 - 01731072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:34 - 2016-04-22 22:03 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-05-11 06:34 - 2016-04-22 22:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:01 - 04775424 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-05-11 06:34 - 2016-04-22 22:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-05-11 06:34 - 2016-04-22 21:45 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-05-11 06:34 - 2016-04-22 20:10 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-11 06:34 - 2016-04-22 20:10 - 00002186 _____ C:\Windows\system32\AppxProvisioning.xml
2016-05-11 06:34 - 2016-04-18 16:30 - 00002186 _____ C:\Windows\SysWOW64\AppxProvisioning.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 16:52 - 2016-02-26 08:40 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 16:52 - 2016-02-26 08:40 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 16:52 - 2016-02-26 08:40 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 16:50 - 2016-02-26 08:40 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-08 16:29 - 2016-02-17 19:16 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-08 15:19 - 2016-04-29 15:45 - 00000000 ____D C:\AdwCleaner
2016-06-08 15:05 - 2016-02-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 15:05 - 2016-02-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 15:03 - 2016-02-25 18:49 - 00000000 ___RD C:\Users\presence\OneDrive
2016-06-08 14:43 - 2016-02-26 09:29 - 00000000 ____D C:\Users\presence\AppData\Roaming\.purple
2016-06-08 14:26 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-08 14:26 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-08 12:44 - 2016-03-13 22:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-08 12:44 - 2016-02-17 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-08 12:44 - 2016-02-17 19:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-08 12:44 - 2015-10-30 01:21 - 00000000 ____D C:\Windows\INF
2016-06-08 07:55 - 2016-02-17 19:06 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-08 07:49 - 2016-04-21 22:51 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-06-08 07:49 - 2016-03-02 23:26 - 00000000 ___RD C:\Users\presence\Dropbox
2016-06-08 07:48 - 2016-02-25 18:47 - 00000000 __SHD C:\Users\presence\IntelGraphicsProfiles
2016-06-08 07:48 - 2016-02-25 18:46 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-08 07:48 - 2016-02-17 19:16 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-08 07:48 - 2016-02-17 18:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-08 07:47 - 2015-10-30 00:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-06 23:45 - 2016-04-29 15:10 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-06 23:10 - 2016-02-17 19:16 - 00003832 _____ C:\Windows\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2016-06-06 23:10 - 2016-02-17 19:16 - 00003598 _____ C:\Windows\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2016-06-06 23:10 - 2016-02-17 19:02 - 00000000 ____D C:\Program Files\Intel
2016-06-06 23:03 - 2016-03-14 15:16 - 00000000 ____D C:\Users\presence\AppData\Roaming\TS3Client
2016-06-06 23:03 - 2016-03-07 10:36 - 00000000 ____D C:\Users\presence\AppData\Local\CrashDumps
2016-06-06 23:03 - 2016-02-17 18:39 - 00000000 ____D C:\Windows\Panther
2016-06-06 21:54 - 2016-04-29 15:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-06 21:53 - 2016-04-29 15:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-04 18:06 - 2016-03-14 22:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 07:53 - 2016-04-17 23:29 - 00002306 ____H C:\Users\presence\Documents\Default.rdp
2016-06-04 07:52 - 2016-04-17 22:23 - 00000547 _____ C:\Users\presence\AppData\Local\remotebox.conf
2016-06-03 18:51 - 2016-02-17 19:11 - 13553096 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-03 15:21 - 2016-02-17 19:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-06-03 15:21 - 2016-02-17 19:02 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-03 15:19 - 2016-02-27 01:41 - 00001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2016-06-03 11:25 - 2016-02-17 19:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-03 10:44 - 2016-03-30 19:36 - 00000000 ____D C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-03 01:22 - 2016-03-29 10:04 - 20375488 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-03 01:22 - 2016-03-29 10:04 - 17729184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-03 01:22 - 2016-03-29 10:04 - 14462536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 03811256 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 03371624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 00040084 _____ C:\Windows\system32\nvinfo.pb
2016-06-02 21:59 - 2016-02-17 19:12 - 06452948 _____ C:\Windows\system32\nvcoproc.bin
2016-06-02 21:59 - 2016-02-17 19:12 - 06364216 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 02455608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-02 21:59 - 2016-02-17 19:12 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-01 14:25 - 2016-02-17 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-01 14:25 - 2016-02-17 19:01 - 00000000 ____D C:\Program Files\Dell
2016-05-27 18:30 - 2016-04-17 23:36 - 00000000 ____D C:\Users\presence\.zenmap
2016-05-26 22:35 - 2016-04-17 22:20 - 00000000 ____D C:\Program Files (x86)\RemoteBox
2016-05-25 14:19 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence
2016-05-25 13:48 - 2016-02-28 00:39 - 00000000 ____D C:\Program Files\Wireshark
2016-05-22 15:02 - 2016-02-17 19:11 - 13509184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\SET8536.tmp
2016-05-20 15:38 - 2016-02-25 19:00 - 00000168 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2016-05-20 15:38 - 2016-02-17 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-20 13:03 - 2016-02-25 18:49 - 00002378 _____ C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-20 02:03 - 2016-03-29 10:04 - 20305768 _____ (NVIDIA Corporation) C:\Windows\system32\SETAB8E.tmp
2016-05-20 02:03 - 2016-03-29 10:04 - 17662432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SETD58F.tmp
2016-05-20 02:03 - 2016-03-29 10:04 - 14410024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SETBDE9.tmp
2016-05-20 02:03 - 2016-02-17 19:11 - 03811440 _____ (NVIDIA Corporation) C:\Windows\system32\SET879E.tmp
2016-05-20 02:03 - 2016-02-17 19:11 - 03371648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SETAF1F.tmp
2016-05-19 23:22 - 2016-03-15 19:26 - 00000000 ____D C:\Users\presence\AppData\Local\ElevatedDiagnostics
2016-05-19 18:34 - 2016-02-27 23:24 - 00000000 ____D C:\Users\presence\AppData\Roaming\vlc
2016-05-16 22:12 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\rescache
2016-05-14 22:48 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence\AppData\Local\VirtualStore
2016-05-14 22:42 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence\AppData\Local\NVIDIA
2016-05-14 22:37 - 2016-02-17 19:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-14 22:31 - 2015-10-30 03:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-14 22:31 - 2015-10-30 01:24 - 00015703 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\oobe
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\Provisioning
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\bcastdvr
2016-05-14 18:53 - 2015-10-30 01:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-11 13:57 - 2015-10-30 01:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 13:57 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 12:01 - 2016-03-02 23:24 - 00000000 ____D C:\Users\presence\AppData\Local\Dropbox
2016-05-11 08:46 - 2016-02-26 01:19 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:36 - 2016-02-26 01:19 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 04:27 - 2016-03-14 22:13 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 16:45 - 2016-02-26 08:40 - 00003980 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:45 - 2016-02-26 08:40 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-05-27 01:30 - 2016-05-27 01:32 - 0000600 _____ () C:\Users\presence\AppData\Local\PUTTY.RND
2016-05-31 09:48 - 2016-05-31 09:48 - 0000218 _____ () C:\Users\presence\AppData\Local\recently-used.xbel
2016-04-17 22:23 - 2016-06-04 07:52 - 0000547 _____ () C:\Users\presence\AppData\Local\remotebox.conf
2016-04-05 18:14 - 2016-04-05 18:14 - 0000000 _____ () C:\Users\presence\AppData\Local\{938DB3A5-655E-4C92-861D-1167045EA05D}
2016-04-05 18:11 - 2016-04-05 18:11 - 0000000 _____ () C:\Users\presence\AppData\Local\{CC77D4F9-A8A6-4C59-BCFE-688434DDBD0E}
2016-02-17 19:03 - 2016-02-17 19:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\presence\vars.bat


Some files in TEMP:
====================
C:\Users\presence\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\presence\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\presence\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-03 23:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by presence (2016-06-08 16:58:00)
Running from C:\Users\presence\Desktop\Malware Tools
Windows 10 Home Version 1511 (X64) (2016-02-26 00:45:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2299537190-2399584097-4290133042-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2299537190-2399584097-4290133042-503 - Limited - Disabled)
Guest (S-1-5-21-2299537190-2399584097-4290133042-501 - Limited - Disabled)
presence (S-1-5-21-2299537190-2399584097-4290133042-1001 - Administrator - Enabled) => C:\Users\presence

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Demo (HKLM\...\Steam App 231350) (Version:  - Futuremark)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitvise SSH Client - FlowSshNet (x64) (Version: 5.37.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client - FlowSshNet (x86) (x32 Version: 5.37.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client 6.47 (remove only) (HKLM-x32\...\BvSshClient) (Version: 6.47 - Bitvise Limited)
Black Shell Games - SanctuaryRPG -  (HKLM-x32\...\Black Shell Games SanctuaryRPG) (Version: "1.0.2.1.0.2.1.0.2" - "Black Shell Games")
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CHIRP (HKLM-x32\...\CHIRP) (Version:  - )
Circle of Eight Modpack version 8.1.0 New Content Edition (HKLM-x32\...\{4D57C220-6ACB-4427-8885-13933789323E}_is1) (Version: 8.1.0 New Content Edition - Circle of Eight)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EditPad Lite 7.4.0 (HKLM\...\EditPad Lite) (Version: 7.4.0 - Just Great Software)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{AEDB19D7-A2E9-4896-8780-1CD0F05DD0D6}) (Version: 4.42.579.0 - Futuremark)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HWiNFO64 Version 5.20 (HKLM\...\HWiNFO64_is1) (Version: 5.20 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InFocus IN1503 Firmware Update Utility v1.0.3 (HKLM-x32\...\{A9E1C97B-9786-4E83-A8E7-B4017DB521CF}_is1) (Version:  - InFocus, Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{78D56409-3E08-4C28-845F-259CAA181581}) (Version: 6.0.66.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c28476ae-214c-4ed9-b4ae-5b3c00a4ef72}) (Version: 18.33.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King's Bounty: Armored Princess (HKLM-x32\...\Steam App 3170) (Version:  - Katauri Interactive)
King's Bounty: Crossworlds (HKLM-x32\...\Steam App 63910) (Version:  - Katauri Interactive)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
King's Bounty: Warriors of the North (HKLM-x32\...\Steam App 203350) (Version:  - 1C-SoftClub)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nmap 7.01 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenVPN 2.3.10-I002  (HKLM\...\OpenVPN) (Version: 2.3.10-I002 - )
PCGen60600RC3 (HKLM-x32\...\PCGen60600RC3) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.)
Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden
PS4 Remote Play (HKLM-x32\...\{1F1AAC07-945B-451F-9CE6-1C7E7BB9CBF2}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.5.02 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Satellite Reign (HKLM\...\Steam App 268870) (Version:  - 5 Lives Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Shadowrun Returns (HKLM\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shadowrun: Hong Kong - Extended Edition (HKLM\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM\...\Steam App 250760) (Version:  - Yacht Club Games)
Shroud of the Avatar: Forsaken Virtues (HKLM\...\Steam App 326160) (Version:  - Portalarium)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strawberry Perl (HKLM-x32\...\{7F3E14F6-6F1E-1014-BAF3-DA7C31843670}) (Version: 5.22.1003 - strawberryperl.com project)
Sword Coast Legends (HKLM\...\Steam App 325600) (Version:  - n-Space)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Temple of Elemental Evil (HKLM-x32\...\GOGPACKTEMPLEOFELEMENTALEVIL_is1) (Version: 2.0.0.13 - GOG.com)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
VanDyke Software SecureCRT and SecureFX 6.5 (HKLM\...\{A8D2E5BF-BA98-4451-B520-76C33FC8F1A1}) (Version: 6.5.3 - VanDyke Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warhammer Quest (HKLM\...\Steam App 326670) (Version:  - Rodeo Games)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Xming-fonts 7.5.0.93 (HKLM-x32\...\Xming-fonts_is1) (Version: 7.5.0.93 - Colin Harrison)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\presence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC77B00-31FC-46E3-BE47-079EB28E798A} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {1A239B88-E101-4C59-B45A-B50E788F3087} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {1C1EF7C4-B2F2-467D-BEB8-53A55740FF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26] (Google Inc.)
Task: {1F94B098-F9FE-46E4-B893-3BC5D863AF1F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {659A0848-8972-498E-8442-33920E0AE90B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {78CF86A6-F063-42A9-AF9B-B2BE0EE57DA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {7981D7DD-C887-4E8A-85BF-46307195BF39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {95A75093-D66C-4C77-9B8C-839B4E298EAD} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {9DF8011E-E485-4506-A64A-FE906EB56FED} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {A5001DB6-7B5D-4704-9960-B6A69C2B0566} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {B537BFDD-C427-4CD8-A7F2-C433B3E1FCA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26] (Google Inc.)
Task: {D9838424-1E25-4ACF-B35D-4863C094E5B7} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {E220F6AA-78F3-4658-9A7E-B55AFA990067} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {E3674105-9456-4F17-8444-3925F5940699} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FF3EFF1D-9471-4B7E-B277-E8BF45D90F0F} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-02 23:07 - 2016-05-01 23:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 23:07 - 2016-05-01 23:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-02 23:08 - 2016-05-01 23:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-29 10:02 - 2016-05-01 23:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-02 23:07 - 2016-05-01 23:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-13 00:45 - 2016-03-29 04:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 00:45 - 2016-03-29 04:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-20 13:03 - 2016-05-20 13:03 - 00959168 _____ () C:\Users\presence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-02-21 15:38 - 2016-02-21 15:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-02-25 20:01 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 06:35 - 2016-04-22 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 06:35 - 2016-04-22 21:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 06:35 - 2016-04-22 22:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-29 10:02 - 2016-05-01 23:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 10:02 - 2016-05-01 23:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-12 18:51 - 2016-05-10 21:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 18:51 - 2016-05-10 21:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-10-16 08:14 - 2015-10-16 08:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7903 more sites.


There are 7902 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-06 21:58 - 2015-10-30 01:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\presence\Desktop\strange_image.jpg
DNS Servers: 192.168.2.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\StartupApproved\Run: => "Pidgin"
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E373E0F6-DC71-4912-AD01-22ABA4AC0D53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{394AEC94-514C-42B1-AC9C-1B5AE00E42E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97A670E0-90F8-4F90-BC45-5946BE70EADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3C661387-9C65-4B68-ACFB-7B142DD092FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{07B904FF-FADC-4595-A84A-B0641BB45491}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{788F59DB-989F-4FA8-A1A7-47EC1929F715}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B2810D8-A65B-4824-A5E7-0FEA84358074}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BCD3D8CE-7CBF-480F-87F1-A4E444CA318C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEF3F7E1-84A5-4CD6-A599-42D3ADC65DDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB263729-CD7E-4AC6-B750-F30F83968763}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{FCC5E498-FC94-482C-9822-78B43702B782}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{2F729BD2-CCCE-441D-B6B1-D87CB10E6BC5}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{A1423FDD-7365-446E-82D6-C8FDE55AD0F9}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{E617523A-AEED-4DEB-BE15-60F3F23D5DD0}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - Warriors of the North\KBWotN.exe
FirewallRules: [{3A41718D-DE60-405B-8890-BC74DA8DDCB5}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - Warriors of the North\KBWotN.exe
FirewallRules: [{56C1E586-02C0-438E-B004-30D009BC9779}] => (Allow) D:\Games\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BD94416B-884E-4789-BB8D-AF375E5F2559}] => (Allow) D:\Games\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8DE73FB4-AA2B-4DE9-A6FD-663765CDC7ED}] => (Allow) D:\Games\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{52DBB896-BB4D-4C0E-90FF-1AD495ABEFBE}] => (Allow) D:\Games\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{DB902CCF-088F-4DA5-A577-532979785EEF}] => (Allow) D:\Games\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{AAD0E9BC-5F02-4669-ABCF-AF14EA1C6157}] => (Allow) D:\Games\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{2DA52E90-28A4-410D-8956-B67A01B37566}] => (Allow) D:\Games\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{2E17ED6C-860D-43B8-BB26-0F4D6E3ADEE0}] => (Allow) D:\Games\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{91B6CE17-4C37-4C85-A853-F762D9318039}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Armored Princess\KB.exe
FirewallRules: [{079121B3-216B-413A-8072-72675AADB1E6}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Armored Princess\KB.exe
FirewallRules: [{1AAC21D6-6B4E-4BF6-B96C-CC50489AB2DE}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{ECFE3B21-1C16-48D7-8934-5D26F3750CC3}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{7B916FCB-4933-4A9D-9D31-12E95919819D}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{1872255E-755F-42FD-B1F2-B883B59573F8}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{75E2FD78-0AB2-47F2-A8E0-A665E1A94B1F}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{5D6D7877-B802-4416-A6D3-EE9272DF2D5A}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{E24555B9-92C6-4351-9DC1-8EF4CFD6AFA6}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{19454C6B-837F-4AC2-8445-9938A38568E1}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{5B8596E7-984A-4405-B1D9-D77210CFC3A2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E2E9606E-FAE5-400E-80A9-526E1E444BD2}] => (Allow) LPort=2869
FirewallRules: [{326D9F47-4965-4529-A4CE-7D25AD2161B1}] => (Allow) LPort=1900
FirewallRules: [{D121F97F-A0B1-4925-B214-7ACB3C1B46A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1B7536F5-DAF1-4B6E-8325-24635E53AC43}] => (Allow) D:\Games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{1E0D57ED-ED76-4305-8CDD-8804DF70B936}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{C8333DD7-5D62-484B-9597-0FC13ABF4C73}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{EA6E51CA-0664-4A97-835D-0F53B96F0732}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{AED0975E-CAF4-4D71-A8E5-94F0B7E781FE}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{434EC9AA-ACD3-4D26-AA5E-938FD2F8D3D8}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{57B9B32E-A366-44D2-A7AF-24102382E781}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{7B71FD4A-1B6C-4877-8B8C-C11FD2086955}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{EDE8E181-E52B-4817-B81B-B7A0DEC2A287}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB909050-5EA2-420B-83F3-C4117947985A}] => (Allow) D:\Games\Steam\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{FFC29CE5-D24A-4361-AFA8-F38D080AF48A}] => (Allow) D:\Games\Steam\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{9895C013-371F-46DC-8423-BDBD1D18ECFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF937CFE-6847-442F-8F69-78DC69587A81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20C3AF04-5D1D-4ED1-AB27-79A27BD6A76F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46B1A993-D1C8-4AD4-8861-8B29AFA2E9ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31AF179B-9C29-4D40-AB14-95C4A6D83972}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{691312DE-41DF-4288-B1D1-EDE30FCB7FCA}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{8F374A25-E0AF-4004-B57C-7B41453CF9DC}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{1B62A6AB-0D32-49E1-995A-96593B4FEA50}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{357C6E9C-F782-450E-9252-A3846AB89400}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{1FEBE81F-1F6E-4BF0-82DA-455939B42F98}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{5EFF565D-94CA-40FC-B3BD-F1FB6D95B2ED}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{676C15D8-FEB9-4010-A3C3-4B292BF6D97C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{739C0AB6-24A3-4493-9FE9-8C1563CA19F3}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [TCP Query User{806B2BDA-5D88-4FAD-AFED-89C07325F882}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{361A25FB-1AA4-4A0F-91BA-275B37498791}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [{2020A14E-8874-4C1B-BFFF-D4BCD06DC2A3}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer Quest\WarhammerQuest.exe
FirewallRules: [{703813A3-1256-42E8-98AC-5964F19E2302}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer Quest\WarhammerQuest.exe
FirewallRules: [{5D5DAB35-11B7-4AD8-8048-57FE61342CC5}] => (Allow) D:\Games\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{A543A537-543C-4402-913B-C1D6DF6A9E3E}] => (Allow) D:\Games\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{EDC8DC2C-A319-402D-ACF1-1FC3DBC7B56F}] => (Allow) D:\Games\Steam\steamapps\common\Sword Coast Legends\SwordCoast.exe
FirewallRules: [{E6A6F540-F8D5-46C7-8D06-5F065DE26873}] => (Allow) D:\Games\Steam\steamapps\common\Sword Coast Legends\SwordCoast.exe
FirewallRules: [{67E30DE3-D0EB-4BCA-8EFD-7C0FA01E2AFB}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{3FF00560-F6B9-4BB8-893F-ED85D865E1C9}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{DB1A5ED8-1A70-400A-805D-5CC8C428843A}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{B653699B-CDF1-4FA3-8CE0-071DD4CE62D9}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{44CE64FF-ED98-4C14-BE3B-7950CEC39C0A}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E41A5652-8DC8-4A28-ACCF-755430E8B530}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB846C47-83F9-4A0D-A357-72AB2133F0EB}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{3209F767-7B5E-40DE-8D11-738CEFD52DE8}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{DAA6FA53-FE80-4480-B014-B03F2AD727D0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{CB853DBB-6642-4A79-BF96-C709962C6B66}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{61107D1F-0808-40D5-8B37-CFC615C8E9AF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{80C1AFD2-3C60-45FF-8F35-20B2A7799EF7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{837246C0-2054-4D79-90D0-41CB2B44C2AE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{758D561B-B030-41C5-A8AA-8051AB8E73F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-06-2016 15:19:08 Dell Update: Realtek High-Definition Audio ALC3234 and ALC3246 Driver
06-06-2016 16:45:45 JRT Pre-Junkware Removal
06-06-2016 22:37:38 JRT Pre-Junkware Removal
08-06-2016 15:03:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: NVIDIA GeForce GTX 960M
Description: NVIDIA GeForce GTX 960M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2016 03:45:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:03:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/08/2016 09:32:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 07:47:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x5726e510
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process id: 0x105c
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
Faulting package full name: NvStreamNetworkService.exe4
Faulting package-relative application ID: NvStreamNetworkService.exe5

Error: (06/08/2016 07:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x664
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (06/08/2016 07:47:33 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1636) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -266(bf.cxx:14625): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)


System errors:
=============
Error: (06/08/2016 04:39:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/08/2016 04:09:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/08/2016 03:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/08/2016 03:45:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\presence\AppData\Local\Temp\ehdrv.sys

Error: (06/08/2016 03:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/08/2016 03:45:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\presence\AppData\Local\Temp\ehdrv.sys

Error: (06/08/2016 03:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/08/2016 03:45:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\presence\AppData\Local\Temp\ehdrv.sys

Error: (06/08/2016 03:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/08/2016 03:45:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\presence\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-06-08 08:03:59.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 08:03:59.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-06 22:14:17.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-06 22:14:16.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-16 02:41:20.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 22:34:19.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 19:27:18.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 03:16:34.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 21:41:59.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 23:48:07.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 16256.96 MB
Available physical RAM: 10553.82 MB
Total Virtual: 18688.96 MB
Available Virtual: 12074.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.96 GB) (Free:744.77 GB) NTFS
Drive d: (Games) (Fixed) (Total:465.63 GB) (Free:313.63 GB) NTFS
Drive e: () (Removable) (Total:28.96 GB) (Free:28.96 GB) FAT32
Drive f: (VAULT) (Removable) (Total:57.87 GB) (Free:55.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E42AA69E)

Partition: GPT.

========================================================
Disk: 2 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 29 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 


  • Root Admin

Okay, let me get a new set of FRST logs. Make sure you check the box for the Additions.txt log. Then attach both logs back here.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, please attach the CheckResults.txt log file, which should now be located on your desktop, to your next post

 

 


FRST Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016
Ran by presence (administrator) on FALCHION (09-06-2016 15:29:10)
Running from C:\Users\presence\Desktop\Malware Tools
Loaded Profiles: presence (Available Profiles: presence)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.30.8\LogiOptionsMgr.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(VanDyke Software, Inc.) C:\Program Files\VanDyke Software\Clients\SecureCRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3075552 2015-04-29] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2016-02-19] (Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [Pidgin] => C:\Program Files (x86)\Pidgin\pidgin.exe [58680 2016-01-01] (The Pidgin developer community)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [Steam] => d:\Games\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3978304 2016-06-08] (GOG.com)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{bdee8c78-1837-404e-bff4-a2d3aa07eb75}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{f32a4242-4910-4228-a7ff-150d7f68a4ad}: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001 -> DefaultScope {07287802-41A3-4515-BE43-6DDF62B9A9FA} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: FlashGot - C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-17]
FF Extension: uBlock Origin - C:\Users\presence\AppData\Roaming\Mozilla\Firefox\Profiles\mmaukwxf.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-02]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (Google Docs) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (uBlock Origin) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-02]
CHR Extension: (Google Search) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (PwdHash port) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfmcfhnhnpoehjoommondmlmhdoonca [2016-05-31]
CHR Extension: (Google Sheets) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Authy Chrome Extension) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2016-02-28]
CHR Extension: (Authy) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2016-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\presence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [604280 2016-01-25] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-03-02] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [245312 2016-06-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-08] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-07-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-01-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38240 2016-02-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-27] (REALiX(tm))
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
S3 iaLPSS2_SPI; C:\Windows\System32\drivers\iaLPSS2_SPI.sys [152360 2015-06-16] (Intel Corporation)
S3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [257776 2015-07-13] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\System32\drivers\NdisImPlatform.sys [126976 2015-10-30] (Microsoft Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6723856 2016-01-21] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-09 07:06 - 2016-06-09 07:06 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-09 07:06 - 2016-06-09 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-09 07:06 - 2016-06-09 07:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-09 07:06 - 2016-06-09 07:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 07:06 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-09 07:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-09 07:06 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-09 07:05 - 2016-06-09 07:05 - 22851472 _____ (Malwarebytes ) C:\Users\presence\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-06-09 07:04 - 2016-06-09 07:04 - 00000000 ___HD C:\OneDriveTemp
2016-06-08 23:58 - 2016-06-08 23:58 - 00000218 _____ C:\Users\presence\AppData\Local\recently-used.xbel
2016-06-08 12:44 - 2016-06-02 21:28 - 00111552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-06-08 12:42 - 2016-06-03 01:22 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 31641656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 25404864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 21812056 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 21355464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 18151128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 17746664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 17432544 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 08733792 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 02844608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 02470336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00983488 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00910392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00787384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00632848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00565208 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00379808 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00316632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-08 12:42 - 2016-06-03 01:22 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-08 10:57 - 2016-06-08 10:57 - 03009040 _____ C:\Users\presence\Downloads\The-Octopi-of-the-Ninth-World-2016-06-06_57584e87e0260.pdf
2016-06-08 09:31 - 2016-06-09 07:05 - 00000000 ____D C:\Users\presence\Desktop\Malware Tools
2016-06-08 07:46 - 2016-06-08 07:46 - 00000000 ____D C:\Windows\ERDNT
2016-06-08 07:45 - 2016-06-08 07:45 - 00000999 _____ C:\Users\presence\Desktop\NTREGOPT.lnk
2016-06-08 07:45 - 2016-06-08 07:45 - 00000980 _____ C:\Users\presence\Desktop\ERUNT.lnk
2016-06-08 07:45 - 2016-06-08 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-06-08 07:45 - 2016-06-08 07:45 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-06-06 23:45 - 2016-06-06 23:46 - 00345118 _____ C:\Windows\ntbtlog.txt
2016-06-06 23:11 - 2016-06-06 23:31 - 00035328 _____ C:\Users\presence\Desktop\CheckResults.txt
2016-06-06 23:10 - 2016-06-06 23:10 - 00003410 _____ C:\Windows\System32\Tasks\WRUStartup
2016-06-06 23:10 - 2016-06-06 23:10 - 00003392 _____ C:\Windows\System32\Tasks\WRU
2016-06-06 23:10 - 2016-06-06 23:10 - 00002085 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-06-06 23:10 - 2016-06-06 23:10 - 00000000 ____D C:\Program Files\Intel Corporation
2016-06-06 23:09 - 2016-06-06 23:09 - 00000000 ____D C:\Users\presence\AppData\Local\Intel WiDi
2016-06-06 23:07 - 2016-06-06 23:09 - 128610456 _____ (Intel Corporation) C:\Users\presence\Downloads\Setup.exe
2016-06-06 22:36 - 2016-06-06 22:36 - 00099978 _____ C:\Users\presence\Documents\cc_20160606_223643.reg
2016-06-06 22:31 - 2016-06-06 22:31 - 06893008 _____ (Piriform Ltd) C:\Users\presence\Downloads\ccsetup518.exe
2016-06-06 22:31 - 2016-06-06 22:31 - 00002862 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-06 22:31 - 2016-06-06 22:31 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-06 22:31 - 2016-06-06 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-06 22:31 - 2016-06-06 22:31 - 00000000 ____D C:\Program Files\CCleaner
2016-06-06 16:19 - 2016-06-06 16:19 - 00281526 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_16.19.01_log.txt
2016-06-03 15:21 - 2016-06-03 15:21 - 00000000 ____D C:\Windows\system32\RTCOM
2016-06-03 15:21 - 2016-06-03 15:21 - 00000000 ____D C:\Program Files\Waves
2016-06-03 15:20 - 2016-06-08 12:43 - 00000000 ____D C:\Windows\LastGood
2016-06-03 15:19 - 2016-02-05 09:53 - 72203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2016-06-03 15:19 - 2016-02-05 09:53 - 13120760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 12986520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 12014448 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 05611370 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-06-03 15:19 - 2016-02-05 09:53 - 03700360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2016-06-03 15:19 - 2016-02-05 09:53 - 03282032 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 03198720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02894968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-06-03 15:19 - 2016-02-05 09:53 - 02823280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 02037504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01743632 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01421104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01356504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01211832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00914024 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00768824 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00642928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00577840 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00203560 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00164432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00074608 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2016-06-03 15:19 - 2016-02-05 09:53 - 00069928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2016-06-03 11:25 - 2016-06-03 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 11:18 - 2016-06-03 11:18 - 140619040 _____ (GOG.com ) C:\Users\presence\Downloads\setup_galaxy_1.1.10.47.exe
2016-06-03 10:53 - 2016-06-03 10:53 - 02249592 _____ C:\Users\presence\Downloads\Lighter Dungeon.rar
2016-06-03 10:44 - 2016-06-03 10:44 - 00000208 _____ C:\Users\presence\Desktop\Satellite Reign.url
2016-05-31 12:09 - 2016-05-31 12:09 - 00152227 _____ C:\Users\presence\Desktop\alienvault-ss.zip
2016-05-31 11:56 - 2016-05-31 11:57 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-05-31 11:56 - 2016-05-20 02:03 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-31 11:56 - 2016-05-20 02:03 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-31 11:56 - 2016-05-20 02:03 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-31 11:56 - 2016-05-20 02:03 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-28 00:21 - 2016-05-28 00:25 - 00000000 ____D C:\Users\presence\Desktop\OSSIM
2016-05-28 00:19 - 2016-05-28 00:21 - 654311424 _____ C:\Users\presence\Downloads\AlienVault_OSSIM_64bits_5.2.4.iso
2016-05-27 20:56 - 2016-05-27 20:56 - 00000848 _____ C:\Users\presence\Downloads\switch.cfg
2016-05-27 20:55 - 2016-05-27 20:55 - 00706634 _____ C:\Users\presence\Downloads\1800-Software-PA-PB0310.zip
2016-05-27 01:30 - 2016-05-27 01:32 - 00000600 _____ C:\Users\presence\AppData\Local\PUTTY.RND
2016-05-27 01:26 - 2016-05-27 01:26 - 02078720 _____ C:\Users\presence\Downloads\putty-0.67-installer.msi
2016-05-27 01:26 - 2016-05-27 01:26 - 00000964 _____ C:\Users\Public\Desktop\PuTTY.lnk
2016-05-27 01:26 - 2016-05-27 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2016-05-27 01:26 - 2016-05-27 01:26 - 00000000 ____D C:\Program Files (x86)\PuTTY
2016-05-26 22:35 - 2015-07-10 21:21 - 00000000 ____D C:\Users\presence\Downloads\RemoteBox-2.0
2016-05-26 22:34 - 2016-04-17 22:13 - 03328000 _____ C:\Users\presence\Downloads\RemoteBox-2.0.tar
2016-05-26 22:33 - 2016-04-17 22:20 - 00001252 _____ C:\Users\presence\Desktop\Remotebox.lnk
2016-05-25 23:27 - 2016-04-29 16:05 - 00452288 ____R C:\Windows\system32\Drivers\etc\hosts.20160525-232746.backup
2016-05-25 21:59 - 2016-06-08 15:05 - 00000558 _____ C:\Users\presence\Desktop\JRT.txt
2016-05-25 21:55 - 2016-05-25 21:56 - 00288760 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_21.55.46_log.txt
2016-05-25 21:29 - 2016-06-08 07:53 - 00001998 _____ C:\Users\presence\Desktop\Rkill.txt
2016-05-25 14:33 - 2016-06-09 15:29 - 00000000 ____D C:\FRST
2016-05-25 14:33 - 2016-05-25 14:35 - 00062790 _____ C:\Users\presence\Downloads\Addition.txt
2016-05-25 13:48 - 2016-05-25 13:48 - 00001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-05-25 13:48 - 2016-05-25 13:48 - 00001575 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-05-25 13:48 - 2016-05-25 13:48 - 00000000 ____D C:\Users\presence\AppData\Roaming\Wireshark
2016-05-25 13:41 - 2016-05-25 13:41 - 16127164 _____ C:\Users\presence\Downloads\SysinternalsSuite.zip
2016-05-25 13:41 - 2016-05-25 13:41 - 00000000 ____D C:\Users\presence\Desktop\SysinternalsSuite
2016-05-24 23:34 - 2016-05-24 23:40 - 104016465 _____ C:\Users\presence\Downloads\Power Stone (U)(KALISTO).7z
2016-05-24 23:31 - 2016-05-24 23:31 - 02097152 _____ C:\Users\presence\Downloads\dc_bios.bin
2016-05-24 23:31 - 2016-05-24 23:31 - 00131072 _____ C:\Users\presence\Downloads\dc_flash.bin
2016-05-24 23:30 - 2016-05-24 23:30 - 05101131 _____ C:\Users\presence\Downloads\dreamcast-bios.zip
2016-05-23 20:37 - 2016-05-23 20:38 - 26839780 _____ C:\Users\presence\Downloads\MAMEBIOS.rar
2016-05-23 15:16 - 2016-05-23 15:16 - 00143360 _____ C:\Users\presence\Downloads\BIG.U.po
2016-05-23 15:05 - 2016-05-23 15:05 - 08314188 _____ C:\Users\presence\Downloads\Retropie_intro_Émulation_Station_Retroarch_Mario_Luigi.mp4
2016-05-23 15:05 - 2016-05-23 15:05 - 00767269 _____ C:\Users\presence\Downloads\Retropie_intro_Émulation_Station_Retroarch_Mario_Luigi.webm
2016-05-20 16:01 - 2015-07-31 23:26 - 2832813813 _____ C:\Users\presence\Desktop\MAME_0.149_ROMs.zip
2016-05-20 15:38 - 2016-05-20 15:38 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk
2016-05-20 01:24 - 2016-05-20 01:24 - 00016384 _____ C:\Users\presence\Downloads\gba_bios.bin
2016-05-19 18:47 - 2016-05-19 18:47 - 00000000 ____D C:\IN1503_LitePort_DFP-100_Upgrade
2016-05-19 18:41 - 2016-05-19 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InFocus
2016-05-19 18:41 - 2016-05-19 18:41 - 00000000 ____D C:\Program Files\InFocus
2016-05-19 18:41 - 2008-12-31 01:11 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1000.dll
2016-05-19 16:50 - 2016-05-19 16:50 - 00016313 _____ C:\Users\presence\Downloads\resume.pdf
2016-05-16 21:44 - 2016-05-16 21:44 - 00001450 _____ C:\Users\presence\Documents\irssi.key
2016-05-15 12:00 - 2016-05-15 12:00 - 00001917 _____ C:\Users\presence\Desktop\github.cer
2016-05-15 09:51 - 2016-05-15 09:51 - 12855198 _____ C:\Users\presence\Downloads\AVR-3808CI-OM-E_404A.pdf
2016-05-14 22:44 - 2016-05-09 22:05 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-14 22:44 - 2016-05-09 22:05 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-14 22:41 - 2016-04-13 23:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-14 22:41 - 2016-04-13 23:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-14 21:28 - 2016-05-14 21:28 - 00002048 _____ C:\Users\presence\Downloads\grom.bin
2016-05-14 21:27 - 2016-05-14 21:27 - 00008192 _____ C:\Users\presence\Downloads\exec.bin
2016-05-14 19:28 - 2016-05-14 19:28 - 00001138 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2016-05-14 19:28 - 2016-05-14 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2016-05-14 19:28 - 2016-05-14 19:28 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2016-05-14 19:26 - 2016-05-14 19:27 - 12290974 _____ (ImageWriter Developers ) C:\Users\presence\Downloads\Win32DiskImager-0.9.5-install.exe
2016-05-14 19:26 - 2016-04-14 11:11 - 2800000000 _____ C:\Users\presence\Downloads\retropie-v3.7-rpi2.img
2016-05-14 19:07 - 2016-05-14 19:10 - 948546304 _____ C:\Users\presence\Downloads\retropie-v3.7-rpi2_rpi3.img.gz
2016-05-14 17:23 - 2016-05-14 17:23 - 00000208 _____ C:\Users\presence\Desktop\FTL Faster Than Light.url
2016-05-14 17:22 - 2016-05-14 17:23 - 197569383 _____ C:\Users\presence\Downloads\FTL.1.5.13.tar.gz
2016-05-14 17:22 - 2016-05-14 17:23 - 189232271 _____ (Subset Games ) C:\Users\presence\Downloads\FTL_v1.5.13_Install.exe
2016-05-11 06:35 - 2016-04-30 00:31 - 03591168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-05-11 06:35 - 2016-04-23 00:12 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 00713920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-11 06:35 - 2016-04-23 00:12 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-05-11 06:35 - 2016-04-23 00:12 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-11 06:35 - 2016-04-22 23:28 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 06:35 - 2016-04-22 23:28 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:35 - 2016-04-22 23:24 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:35 - 2016-04-22 23:24 - 01819208 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:35 - 2016-04-22 23:10 - 03673424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:35 - 2016-04-22 23:10 - 02919832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 05240960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-05-11 06:35 - 2016-04-22 23:09 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-11 06:35 - 2016-04-22 23:08 - 06605504 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-05-11 06:35 - 2016-04-22 23:08 - 04515256 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-11 06:35 - 2016-04-22 23:01 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:35 - 2016-04-22 22:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-05-11 06:35 - 2016-04-22 22:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-05-11 06:35 - 2016-04-22 22:31 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 06:35 - 2016-04-22 22:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-05-11 06:35 - 2016-04-22 22:30 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-05-11 06:35 - 2016-04-22 22:30 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-05-11 06:35 - 2016-04-22 22:29 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-05-11 06:35 - 2016-04-22 22:28 - 16984576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-05-11 06:35 - 2016-04-22 22:26 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-05-11 06:35 - 2016-04-22 22:26 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-05-11 06:35 - 2016-04-22 22:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-05-11 06:35 - 2016-04-22 22:23 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-05-11 06:35 - 2016-04-22 22:22 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-05-11 06:35 - 2016-04-22 22:22 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 18676224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-05-11 06:35 - 2016-04-22 22:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-05-11 06:35 - 2016-04-22 22:19 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 24604672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-05-11 06:35 - 2016-04-22 22:18 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-05-11 06:35 - 2016-04-22 22:16 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-05-11 06:35 - 2016-04-22 22:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-05-11 06:35 - 2016-04-22 22:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 13383168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-05-11 06:35 - 2016-04-22 22:14 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-05-11 06:35 - 2016-04-22 22:13 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-05-11 06:35 - 2016-04-22 22:13 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-05-11 06:35 - 2016-04-22 22:10 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:35 - 2016-04-22 22:09 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:35 - 2016-04-22 22:09 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-05-11 06:35 - 2016-04-22 22:08 - 05324288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 06:35 - 2016-04-22 22:08 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-05-11 06:35 - 2016-04-22 22:07 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-05-11 06:35 - 2016-04-22 22:07 - 02598912 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-05-11 06:35 - 2016-04-22 22:06 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 05502976 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-05-11 06:35 - 2016-04-22 22:05 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-05-11 06:35 - 2016-04-22 22:04 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 02000896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-05-11 06:35 - 2016-04-22 22:03 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-05-11 06:35 - 2016-04-22 22:00 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-05-11 06:34 - 2016-05-05 22:53 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdport.sys
2016-05-11 06:34 - 2016-05-05 22:05 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-05-11 06:34 - 2016-05-05 22:03 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-05-11 06:34 - 2016-05-05 21:53 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-05-11 06:34 - 2016-05-05 21:49 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2016-05-11 06:34 - 2016-05-05 21:44 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-05-11 06:34 - 2016-05-05 21:43 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-05-11 06:34 - 2016-05-05 21:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-05-11 06:34 - 2016-04-30 00:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-05-11 06:34 - 2016-04-23 00:12 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-11 06:34 - 2016-04-23 00:12 - 00294592 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-11 06:34 - 2016-04-23 00:12 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-11 06:34 - 2016-04-22 23:26 - 00707608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-05-11 06:34 - 2016-04-22 23:24 - 00638816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-05-11 06:34 - 2016-04-22 23:24 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-05-11 06:34 - 2016-04-22 23:24 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-05-11 06:34 - 2016-04-22 23:22 - 01161120 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:34 - 2016-04-22 23:18 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-11 06:34 - 2016-04-22 23:13 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-05-11 06:34 - 2016-04-22 23:13 - 00306832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2016-05-11 06:34 - 2016-04-22 23:13 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00451928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-05-11 06:34 - 2016-04-22 23:12 - 00413536 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-05-11 06:34 - 2016-04-22 23:11 - 01092464 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00696672 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00390496 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-05-11 06:34 - 2016-04-22 23:11 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufxsynopsys.sys
2016-05-11 06:34 - 2016-04-22 23:11 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-05-11 06:34 - 2016-04-22 23:10 - 00330072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-05-11 06:34 - 2016-04-22 23:09 - 00569744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-05-11 06:34 - 2016-04-22 23:09 - 00565600 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-05-11 06:34 - 2016-04-22 23:09 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-05-11 06:34 - 2016-04-22 23:08 - 00725776 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 01848072 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 01536088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 00204048 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-05-11 06:34 - 2016-04-22 23:07 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-05-11 06:34 - 2016-04-22 23:06 - 00291360 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2016-05-11 06:34 - 2016-04-22 23:02 - 00188256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00650304 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00619296 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00577368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-05-11 06:34 - 2016-04-22 23:01 - 00522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00513368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:34 - 2016-04-22 23:01 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 06:34 - 2016-04-22 23:01 - 00217440 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01776768 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01594920 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01522152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01372304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00550656 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00453472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2016-05-11 06:34 - 2016-04-22 23:00 - 00058208 _____ (Microsoft Corporation) C:\Windows\system32\dwminit.dll
2016-05-11 06:34 - 2016-04-22 22:56 - 00534872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-05-11 06:34 - 2016-04-22 22:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-05-11 06:34 - 2016-04-22 22:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-05-11 06:34 - 2016-04-22 22:34 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2016-05-11 06:34 - 2016-04-22 22:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-05-11 06:34 - 2016-04-22 22:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2016-05-11 06:34 - 2016-04-22 22:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ByteCodeGenerator.exe
2016-05-11 06:34 - 2016-04-22 22:32 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-05-11 06:34 - 2016-04-22 22:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 06:34 - 2016-04-22 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-05-11 06:34 - 2016-04-22 22:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filecrypt.sys
2016-05-11 06:34 - 2016-04-22 22:29 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-05-11 06:34 - 2016-04-22 22:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2016-05-11 06:34 - 2016-04-22 22:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
2016-05-11 06:34 - 2016-04-22 22:29 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-05-11 06:34 - 2016-04-22 22:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-05-11 06:34 - 2016-04-22 22:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-05-11 06:34 - 2016-04-22 22:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2016-05-11 06:34 - 2016-04-22 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2016-05-11 06:34 - 2016-04-22 22:24 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-05-11 06:34 - 2016-04-22 22:23 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\BrowserSettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:23 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-05-11 06:34 - 2016-04-22 22:22 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-05-11 06:34 - 2016-04-22 22:21 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:34 - 2016-04-22 22:21 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00484352 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-05-11 06:34 - 2016-04-22 22:20 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 06:34 - 2016-04-22 22:19 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2016-05-11 06:34 - 2016-04-22 22:19 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-05-11 06:34 - 2016-04-22 22:18 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-05-11 06:34 - 2016-04-22 22:18 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-05-11 06:34 - 2016-04-22 22:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-05-11 06:34 - 2016-04-22 22:17 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00388608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:34 - 2016-04-22 22:17 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2016-05-11 06:34 - 2016-04-22 22:16 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 06:34 - 2016-04-22 22:15 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-05-11 06:34 - 2016-04-22 22:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 06:34 - 2016-04-22 22:13 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-05-11 06:34 - 2016-04-22 22:12 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 06:34 - 2016-04-22 22:10 - 00639488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-05-11 06:34 - 2016-04-22 22:07 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:34 - 2016-04-22 22:07 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-05-11 06:34 - 2016-04-22 22:05 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-05-11 06:34 - 2016-04-22 22:04 - 01731072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:34 - 2016-04-22 22:03 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-05-11 06:34 - 2016-04-22 22:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-05-11 06:34 - 2016-04-22 22:01 - 04775424 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-05-11 06:34 - 2016-04-22 22:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-05-11 06:34 - 2016-04-22 21:45 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-05-11 06:34 - 2016-04-22 20:10 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-11 06:34 - 2016-04-22 20:10 - 00002186 _____ C:\Windows\system32\AppxProvisioning.xml
2016-05-11 06:34 - 2016-04-18 16:30 - 00002186 _____ C:\Windows\SysWOW64\AppxProvisioning.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-09 15:29 - 2016-02-17 19:16 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-09 14:50 - 2016-02-26 08:40 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-09 13:19 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-09 13:13 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-09 07:09 - 2016-02-17 19:06 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 07:09 - 2015-10-30 01:21 - 00000000 ____D C:\Windows\INF
2016-06-09 07:04 - 2016-03-02 23:26 - 00000000 ___RD C:\Users\presence\Dropbox
2016-06-09 07:04 - 2016-02-25 18:49 - 00000000 ___RD C:\Users\presence\OneDrive
2016-06-09 07:03 - 2016-02-26 08:40 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-09 07:03 - 2016-02-25 18:47 - 00000000 __SHD C:\Users\presence\IntelGraphicsProfiles
2016-06-09 07:03 - 2016-02-25 18:46 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-09 07:03 - 2016-02-17 19:16 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-09 07:03 - 2016-02-17 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-09 07:03 - 2016-02-17 18:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-09 07:02 - 2015-10-30 00:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-09 00:08 - 2016-02-26 09:29 - 00000000 ____D C:\Users\presence\AppData\Roaming\.purple
2016-06-08 23:58 - 2016-04-17 22:23 - 00000547 _____ C:\Users\presence\AppData\Local\remotebox.conf
2016-06-08 23:53 - 2016-04-17 23:29 - 00002306 ____H C:\Users\presence\Documents\Default.rdp
2016-06-08 18:12 - 2016-02-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-08 16:52 - 2016-02-26 08:40 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 16:52 - 2016-02-26 08:40 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 15:19 - 2016-04-29 15:45 - 00000000 ____D C:\AdwCleaner
2016-06-08 15:05 - 2016-02-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 12:44 - 2016-03-13 22:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-08 12:44 - 2016-02-17 19:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-08 07:49 - 2016-04-21 22:51 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-06-06 23:45 - 2016-04-29 15:10 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-06 23:10 - 2016-02-17 19:16 - 00003832 _____ C:\Windows\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2016-06-06 23:10 - 2016-02-17 19:16 - 00003598 _____ C:\Windows\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2016-06-06 23:10 - 2016-02-17 19:02 - 00000000 ____D C:\Program Files\Intel
2016-06-06 23:03 - 2016-03-14 15:16 - 00000000 ____D C:\Users\presence\AppData\Roaming\TS3Client
2016-06-06 23:03 - 2016-03-07 10:36 - 00000000 ____D C:\Users\presence\AppData\Local\CrashDumps
2016-06-06 23:03 - 2016-02-17 18:39 - 00000000 ____D C:\Windows\Panther
2016-06-06 21:54 - 2016-04-29 15:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-06 21:53 - 2016-04-29 15:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-04 18:06 - 2016-03-14 22:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 18:51 - 2016-02-17 19:11 - 13553096 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-03 15:21 - 2016-02-17 19:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-06-03 15:21 - 2016-02-17 19:02 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-03 15:19 - 2016-02-27 01:41 - 00001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2016-06-03 11:25 - 2016-02-17 19:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-03 10:44 - 2016-03-30 19:36 - 00000000 ____D C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-03 01:22 - 2016-03-29 10:04 - 20375488 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-03 01:22 - 2016-03-29 10:04 - 17729184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-03 01:22 - 2016-03-29 10:04 - 14462536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 03811256 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 03371624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 01:22 - 2016-02-17 19:11 - 00040084 _____ C:\Windows\system32\nvinfo.pb
2016-06-02 21:59 - 2016-02-17 19:12 - 06452948 _____ C:\Windows\system32\nvcoproc.bin
2016-06-02 21:59 - 2016-02-17 19:12 - 06364216 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 02455608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-02 21:59 - 2016-02-17 19:12 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-02 21:59 - 2016-02-17 19:12 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-01 14:25 - 2016-02-17 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-01 14:25 - 2016-02-17 19:01 - 00000000 ____D C:\Program Files\Dell
2016-05-27 18:30 - 2016-04-17 23:36 - 00000000 ____D C:\Users\presence\.zenmap
2016-05-26 22:35 - 2016-04-17 22:20 - 00000000 ____D C:\Program Files (x86)\RemoteBox
2016-05-25 14:19 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence
2016-05-25 13:48 - 2016-02-28 00:39 - 00000000 ____D C:\Program Files\Wireshark
2016-05-20 15:38 - 2016-02-25 19:00 - 00000168 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2016-05-20 15:38 - 2016-02-17 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-20 13:03 - 2016-02-25 18:49 - 00002378 _____ C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-19 23:22 - 2016-03-15 19:26 - 00000000 ____D C:\Users\presence\AppData\Local\ElevatedDiagnostics
2016-05-19 18:34 - 2016-02-27 23:24 - 00000000 ____D C:\Users\presence\AppData\Roaming\vlc
2016-05-16 22:12 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\rescache
2016-05-14 22:48 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence\AppData\Local\VirtualStore
2016-05-14 22:42 - 2016-02-25 18:47 - 00000000 ____D C:\Users\presence\AppData\Local\NVIDIA
2016-05-14 22:37 - 2016-02-17 19:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-14 22:31 - 2015-10-30 03:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-14 22:31 - 2015-10-30 01:24 - 00015703 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\oobe
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\Provisioning
2016-05-14 22:31 - 2015-10-30 01:24 - 00000000 ____D C:\Windows\bcastdvr
2016-05-14 18:53 - 2015-10-30 01:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-11 13:57 - 2015-10-30 01:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 13:57 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 12:01 - 2016-03-02 23:24 - 00000000 ____D C:\Users\presence\AppData\Local\Dropbox
2016-05-11 08:46 - 2016-02-26 01:19 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:36 - 2016-02-26 01:19 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 04:27 - 2016-03-14 22:13 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 16:45 - 2016-02-26 08:40 - 00003980 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:45 - 2016-02-26 08:40 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-05-27 01:30 - 2016-05-27 01:32 - 0000600 _____ () C:\Users\presence\AppData\Local\PUTTY.RND
2016-06-08 23:58 - 2016-06-08 23:58 - 0000218 _____ () C:\Users\presence\AppData\Local\recently-used.xbel
2016-04-17 22:23 - 2016-06-08 23:58 - 0000547 _____ () C:\Users\presence\AppData\Local\remotebox.conf
2016-04-05 18:14 - 2016-04-05 18:14 - 0000000 _____ () C:\Users\presence\AppData\Local\{938DB3A5-655E-4C92-861D-1167045EA05D}
2016-04-05 18:11 - 2016-04-05 18:11 - 0000000 _____ () C:\Users\presence\AppData\Local\{CC77D4F9-A8A6-4C59-BCFE-688434DDBD0E}
2016-02-17 19:03 - 2016-02-17 19:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\presence\vars.bat


Some files in TEMP:
====================
C:\Users\presence\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\presence\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\presence\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-03 23:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by presence (2016-06-09 15:29:35)
Running from C:\Users\presence\Desktop\Malware Tools
Windows 10 Home Version 1511 (X64) (2016-02-26 00:45:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2299537190-2399584097-4290133042-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2299537190-2399584097-4290133042-503 - Limited - Disabled)
Guest (S-1-5-21-2299537190-2399584097-4290133042-501 - Limited - Disabled)
presence (S-1-5-21-2299537190-2399584097-4290133042-1001 - Administrator - Enabled) => C:\Users\presence

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark Demo (HKLM\...\Steam App 231350) (Version:  - Futuremark)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitvise SSH Client - FlowSshNet (x64) (Version: 5.37.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client - FlowSshNet (x86) (x32 Version: 5.37.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client 6.47 (remove only) (HKLM-x32\...\BvSshClient) (Version: 6.47 - Bitvise Limited)
Black Shell Games - SanctuaryRPG -  (HKLM-x32\...\Black Shell Games SanctuaryRPG) (Version: "1.0.2.1.0.2.1.0.2" - "Black Shell Games")
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CHIRP (HKLM-x32\...\CHIRP) (Version:  - )
Circle of Eight Modpack version 8.1.0 New Content Edition (HKLM-x32\...\{4D57C220-6ACB-4427-8885-13933789323E}_is1) (Version: 8.1.0 New Content Edition - Circle of Eight)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EditPad Lite 7.4.0 (HKLM\...\EditPad Lite) (Version: 7.4.0 - Just Great Software)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{AEDB19D7-A2E9-4896-8780-1CD0F05DD0D6}) (Version: 4.42.579.0 - Futuremark)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HWiNFO64 Version 5.20 (HKLM\...\HWiNFO64_is1) (Version: 5.20 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InFocus IN1503 Firmware Update Utility v1.0.3 (HKLM-x32\...\{A9E1C97B-9786-4E83-A8E7-B4017DB521CF}_is1) (Version:  - InFocus, Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{78D56409-3E08-4C28-845F-259CAA181581}) (Version: 6.0.66.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c28476ae-214c-4ed9-b4ae-5b3c00a4ef72}) (Version: 18.33.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King's Bounty: Armored Princess (HKLM-x32\...\Steam App 3170) (Version:  - Katauri Interactive)
King's Bounty: Crossworlds (HKLM-x32\...\Steam App 63910) (Version:  - Katauri Interactive)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
King's Bounty: Warriors of the North (HKLM-x32\...\Steam App 203350) (Version:  - 1C-SoftClub)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nmap 7.01 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenVPN 2.3.10-I002  (HKLM\...\OpenVPN) (Version: 2.3.10-I002 - )
PCGen60600RC3 (HKLM-x32\...\PCGen60600RC3) (Version:  - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.)
Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden
PS4 Remote Play (HKLM-x32\...\{1F1AAC07-945B-451F-9CE6-1C7E7BB9CBF2}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.5.02 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Satellite Reign (HKLM\...\Steam App 268870) (Version:  - 5 Lives Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Shadowrun Returns (HKLM\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shadowrun: Hong Kong - Extended Edition (HKLM\...\Steam App 346940) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM\...\Steam App 250760) (Version:  - Yacht Club Games)
Shroud of the Avatar: Forsaken Virtues (HKLM\...\Steam App 326160) (Version:  - Portalarium)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strawberry Perl (HKLM-x32\...\{7F3E14F6-6F1E-1014-BAF3-DA7C31843670}) (Version: 5.22.1003 - strawberryperl.com project)
Sword Coast Legends (HKLM\...\Steam App 325600) (Version:  - n-Space)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Temple of Elemental Evil (HKLM-x32\...\GOGPACKTEMPLEOFELEMENTALEVIL_is1) (Version: 2.0.0.13 - GOG.com)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
VanDyke Software SecureCRT and SecureFX 6.5 (HKLM\...\{A8D2E5BF-BA98-4451-B520-76C33FC8F1A1}) (Version: 6.5.3 - VanDyke Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warhammer Quest (HKLM\...\Steam App 326670) (Version:  - Rodeo Games)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
Xming-fonts 7.5.0.93 (HKLM-x32\...\Xming-fonts_is1) (Version: 7.5.0.93 - Colin Harrison)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2299537190-2399584097-4290133042-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\presence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC77B00-31FC-46E3-BE47-079EB28E798A} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {1A239B88-E101-4C59-B45A-B50E788F3087} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {1C1EF7C4-B2F2-467D-BEB8-53A55740FF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26] (Google Inc.)
Task: {1F94B098-F9FE-46E4-B893-3BC5D863AF1F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {659A0848-8972-498E-8442-33920E0AE90B} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {78CF86A6-F063-42A9-AF9B-B2BE0EE57DA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {7981D7DD-C887-4E8A-85BF-46307195BF39} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {95A75093-D66C-4C77-9B8C-839B4E298EAD} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {9DF8011E-E485-4506-A64A-FE906EB56FED} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {A5001DB6-7B5D-4704-9960-B6A69C2B0566} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {B537BFDD-C427-4CD8-A7F2-C433B3E1FCA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-26] (Google Inc.)
Task: {D9838424-1E25-4ACF-B35D-4863C094E5B7} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {E220F6AA-78F3-4658-9A7E-B55AFA990067} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {E3674105-9456-4F17-8444-3925F5940699} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FF3EFF1D-9471-4B7E-B277-E8BF45D90F0F} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job =>
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\presence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-17 19:12 - 2016-06-02 21:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 23:07 - 2016-05-01 23:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-02 23:07 - 2016-05-01 23:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-29 10:02 - 2016-05-01 23:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-02 23:08 - 2016-05-01 23:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 10:02 - 2016-05-01 23:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-02 23:07 - 2016-05-01 23:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-13 00:45 - 2016-03-29 04:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 00:45 - 2016-03-29 04:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-20 13:03 - 2016-05-20 13:03 - 00959168 _____ () C:\Users\presence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-29 10:02 - 2016-05-01 23:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 10:02 - 2016-05-01 23:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-17 18:45 - 2016-01-25 10:33 - 00384120 _____ () C:\Windows\system32\igfxTray.exe
2016-02-25 20:01 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 06:34 - 2016-04-22 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 06:35 - 2016-04-22 22:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 06:35 - 2016-04-22 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 06:35 - 2016-04-22 21:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 06:35 - 2016-04-22 22:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-08 16:52 - 2016-06-03 19:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 16:52 - 2016-06-03 19:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-06-08 16:52 - 2016-06-03 19:01 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 18:42 - 2016-04-18 18:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-17 19:12 - 2016-05-02 00:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-20 13:03 - 2016-05-20 13:03 - 00679624 _____ () C:\Users\presence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 45069312 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00500736 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 01069568 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 01847296 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00386048 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00513536 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 01582080 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00300544 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00323584 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00096768 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00265216 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00672768 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00144896 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00150528 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00418304 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2016-04-21 22:51 - 2016-03-25 13:13 - 00107520 _____ () C:\Program Files (x86)\GalaxyClient\ZLIB1.dll
2016-03-02 23:25 - 2016-05-05 04:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-03 11:25 - 2016-05-05 04:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-03 11:25 - 2016-05-05 04:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-03-02 23:25 - 2016-05-05 04:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-03-02 23:25 - 2016-05-05 04:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-03 11:25 - 2016-05-05 04:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-03-02 23:25 - 2016-05-31 12:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-03-02 23:25 - 2016-05-05 04:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-03-02 23:25 - 2016-05-05 04:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-03 11:25 - 2016-05-05 04:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 11:25 - 2016-05-05 04:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-03 11:25 - 2016-05-31 12:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-03-02 23:25 - 2016-05-05 04:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-03 11:25 - 2016-05-05 04:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 11:25 - 2016-05-05 04:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-03 11:25 - 2016-05-31 12:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-03 11:25 - 2016-03-11 18:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-03 11:25 - 2016-05-31 12:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 11:25 - 2016-05-31 12:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-03-02 23:25 - 2016-05-05 04:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-02 23:25 - 2016-05-05 04:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-15 03:25 - 2016-05-31 12:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-03-02 23:25 - 2016-05-31 12:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 11:25 - 2016-05-31 12:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-21 22:51 - 2016-04-25 10:32 - 01643008 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2016-04-21 22:51 - 2016-04-25 10:32 - 00074752 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-10-16 08:14 - 2015-10-16 08:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7903 more sites.


There are 7902 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-06 21:58 - 2015-10-30 01:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\presence\Desktop\strange_image.jpg
DNS Servers: 192.168.2.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\StartupApproved\Run: => "Pidgin"
HKU\S-1-5-21-2299537190-2399584097-4290133042-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E373E0F6-DC71-4912-AD01-22ABA4AC0D53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{394AEC94-514C-42B1-AC9C-1B5AE00E42E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97A670E0-90F8-4F90-BC45-5946BE70EADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3C661387-9C65-4B68-ACFB-7B142DD092FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{07B904FF-FADC-4595-A84A-B0641BB45491}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{788F59DB-989F-4FA8-A1A7-47EC1929F715}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B2810D8-A65B-4824-A5E7-0FEA84358074}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BCD3D8CE-7CBF-480F-87F1-A4E444CA318C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEF3F7E1-84A5-4CD6-A599-42D3ADC65DDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB263729-CD7E-4AC6-B750-F30F83968763}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{FCC5E498-FC94-482C-9822-78B43702B782}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{2F729BD2-CCCE-441D-B6B1-D87CB10E6BC5}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{A1423FDD-7365-446E-82D6-C8FDE55AD0F9}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{E617523A-AEED-4DEB-BE15-60F3F23D5DD0}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - Warriors of the North\KBWotN.exe
FirewallRules: [{3A41718D-DE60-405B-8890-BC74DA8DDCB5}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - Warriors of the North\KBWotN.exe
FirewallRules: [{56C1E586-02C0-438E-B004-30D009BC9779}] => (Allow) D:\Games\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BD94416B-884E-4789-BB8D-AF375E5F2559}] => (Allow) D:\Games\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8DE73FB4-AA2B-4DE9-A6FD-663765CDC7ED}] => (Allow) D:\Games\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{52DBB896-BB4D-4C0E-90FF-1AD495ABEFBE}] => (Allow) D:\Games\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{DB902CCF-088F-4DA5-A577-532979785EEF}] => (Allow) D:\Games\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{AAD0E9BC-5F02-4669-ABCF-AF14EA1C6157}] => (Allow) D:\Games\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{2DA52E90-28A4-410D-8956-B67A01B37566}] => (Allow) D:\Games\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{2E17ED6C-860D-43B8-BB26-0F4D6E3ADEE0}] => (Allow) D:\Games\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{91B6CE17-4C37-4C85-A853-F762D9318039}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Armored Princess\KB.exe
FirewallRules: [{079121B3-216B-413A-8072-72675AADB1E6}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Armored Princess\KB.exe
FirewallRules: [{1AAC21D6-6B4E-4BF6-B96C-CC50489AB2DE}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{ECFE3B21-1C16-48D7-8934-5D26F3750CC3}] => (Allow) D:\Games\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{7B916FCB-4933-4A9D-9D31-12E95919819D}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{1872255E-755F-42FD-B1F2-B883B59573F8}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\KB.exe
FirewallRules: [{75E2FD78-0AB2-47F2-A8E0-A665E1A94B1F}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{5D6D7877-B802-4416-A6D3-EE9272DF2D5A}] => (Allow) D:\Games\Steam\steamapps\common\King's Bounty - The Legend\save_fixer.exe
FirewallRules: [{E24555B9-92C6-4351-9DC1-8EF4CFD6AFA6}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{19454C6B-837F-4AC2-8445-9938A38568E1}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{5B8596E7-984A-4405-B1D9-D77210CFC3A2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E2E9606E-FAE5-400E-80A9-526E1E444BD2}] => (Allow) LPort=2869
FirewallRules: [{326D9F47-4965-4529-A4CE-7D25AD2161B1}] => (Allow) LPort=1900
FirewallRules: [{D121F97F-A0B1-4925-B214-7ACB3C1B46A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1B7536F5-DAF1-4B6E-8325-24635E53AC43}] => (Allow) D:\Games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{1E0D57ED-ED76-4305-8CDD-8804DF70B936}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{C8333DD7-5D62-484B-9597-0FC13ABF4C73}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{EA6E51CA-0664-4A97-835D-0F53B96F0732}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{AED0975E-CAF4-4D71-A8E5-94F0B7E781FE}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{434EC9AA-ACD3-4D26-AA5E-938FD2F8D3D8}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{57B9B32E-A366-44D2-A7AF-24102382E781}] => (Allow) D:\Games\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{7B71FD4A-1B6C-4877-8B8C-C11FD2086955}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{EDE8E181-E52B-4817-B81B-B7A0DEC2A287}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB909050-5EA2-420B-83F3-C4117947985A}] => (Allow) D:\Games\Steam\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{FFC29CE5-D24A-4361-AFA8-F38D080AF48A}] => (Allow) D:\Games\Steam\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{9895C013-371F-46DC-8423-BDBD1D18ECFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF937CFE-6847-442F-8F69-78DC69587A81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20C3AF04-5D1D-4ED1-AB27-79A27BD6A76F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46B1A993-D1C8-4AD4-8861-8B29AFA2E9ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31AF179B-9C29-4D40-AB14-95C4A6D83972}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{691312DE-41DF-4288-B1D1-EDE30FCB7FCA}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{8F374A25-E0AF-4004-B57C-7B41453CF9DC}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{1B62A6AB-0D32-49E1-995A-96593B4FEA50}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{357C6E9C-F782-450E-9252-A3846AB89400}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{1FEBE81F-1F6E-4BF0-82DA-455939B42F98}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{5EFF565D-94CA-40FC-B3BD-F1FB6D95B2ED}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{676C15D8-FEB9-4010-A3C3-4B292BF6D97C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{739C0AB6-24A3-4493-9FE9-8C1563CA19F3}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [TCP Query User{806B2BDA-5D88-4FAD-AFED-89C07325F882}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{361A25FB-1AA4-4A0F-91BA-275B37498791}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [{2020A14E-8874-4C1B-BFFF-D4BCD06DC2A3}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer Quest\WarhammerQuest.exe
FirewallRules: [{703813A3-1256-42E8-98AC-5964F19E2302}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer Quest\WarhammerQuest.exe
FirewallRules: [{5D5DAB35-11B7-4AD8-8048-57FE61342CC5}] => (Allow) D:\Games\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{A543A537-543C-4402-913B-C1D6DF6A9E3E}] => (Allow) D:\Games\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{EDC8DC2C-A319-402D-ACF1-1FC3DBC7B56F}] => (Allow) D:\Games\Steam\steamapps\common\Sword Coast Legends\SwordCoast.exe
FirewallRules: [{E6A6F540-F8D5-46C7-8D06-5F065DE26873}] => (Allow) D:\Games\Steam\steamapps\common\Sword Coast Legends\SwordCoast.exe
FirewallRules: [{67E30DE3-D0EB-4BCA-8EFD-7C0FA01E2AFB}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{3FF00560-F6B9-4BB8-893F-ED85D865E1C9}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{DB1A5ED8-1A70-400A-805D-5CC8C428843A}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{B653699B-CDF1-4FA3-8CE0-071DD4CE62D9}] => (Allow) D:\Games\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{44CE64FF-ED98-4C14-BE3B-7950CEC39C0A}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E41A5652-8DC8-4A28-ACCF-755430E8B530}] => (Allow) D:\Games\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB846C47-83F9-4A0D-A357-72AB2133F0EB}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{3209F767-7B5E-40DE-8D11-738CEFD52DE8}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{DAA6FA53-FE80-4480-B014-B03F2AD727D0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{CB853DBB-6642-4A79-BF96-C709962C6B66}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{61107D1F-0808-40D5-8B37-CFC615C8E9AF}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{80C1AFD2-3C60-45FF-8F35-20B2A7799EF7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{837246C0-2054-4D79-90D0-41CB2B44C2AE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{758D561B-B030-41C5-A8AA-8051AB8E73F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-06-2016 15:19:08 Dell Update: Realtek High-Definition Audio ALC3234 and ALC3246 Driver
06-06-2016 16:45:45 JRT Pre-Junkware Removal
06-06-2016 22:37:38 JRT Pre-Junkware Removal
08-06-2016 15:03:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2016 07:02:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x5726e510
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process id: 0xfdc
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
Faulting package full name: NvStreamNetworkService.exe4
Faulting package-relative application ID: NvStreamNetworkService.exe5

Error: (06/09/2016 07:02:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x864
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (06/09/2016 07:02:39 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2148) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/09/2016 07:02:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FALCHION)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/09/2016 03:36:51 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR

DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\Sources\Manager\WIPolicyCreateAll.cpp @ line 59
Executing Function:  WIPolicyCreateAll::execute
Message:  Unhandled exception caught during execution of work item
Policy File Name:  DptfPolicyActive.dll
Framework Event:  PolicyCreate [27]
Exception Function:  PolicyManager::createPolicy
Exception Text:  

DPTF Build Version:  8.1.10603.192
DPTF Build Date:  Aug  7 2015 10:44:44
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 457
Executing Function:  EsifServices::primitiveExecuteGet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  GET_ACTIVE_RELATIONSHIP_TABLE [89]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]

Error: (06/08/2016 03:45:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/08/2016 03:22:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


System errors:
=============
Error: (06/09/2016 12:37:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 11:40:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 10:45:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 07:41:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 07:02:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/09/2016 07:02:36 AM) (Source: DCOM) (EventID: 10010) (User: FALCHION)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (06/09/2016 07:02:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/09/2016 07:02:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 12:25:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_60a79 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/09/2016 12:25:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-06-09 03:47:51.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-09 03:47:51.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 08:03:59.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 08:03:59.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-06 22:14:17.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-06 22:14:16.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-16 02:41:20.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 22:34:19.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 19:27:18.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 03:16:34.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 16256.96 MB
Available physical RAM: 8888.64 MB
Total Virtual: 18688.96 MB
Available Virtual: 9700.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.96 GB) (Free:744.21 GB) NTFS
Drive d: (Games) (Fixed) (Total:465.63 GB) (Free:313.63 GB) NTFS
Drive e: () (Removable) (Total:28.96 GB) (Free:28.96 GB) FAT32
Drive f: (VAULT) (Removable) (Total:57.87 GB) (Free:55.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E42AA69E)

Partition: GPT.

========================================================
Disk: 2 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 29 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Mbam-check-2.3.2.0 Log:

Potential issues:
==============================

LAN Settings: No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 10  64 bit Operating System
Current Version and Build:         10.0.10586 OS Product Info: Home Edition


Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/09
Malware Database:                  2016.02.16.06
Rootkit Database:                  2016.02.08.01
Remediation Database:              2016.02.12.01
IP Database:                       2016.02.08.01
Domain Database:                   2016.02.16.08
License:                           Free
Malware Protection:                1 (The service is not running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/09 15:32:33

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: DefaultAccount
    Account Level: Guest
User Account: Guest
    Account Level: Guest
User Account: presence
    Account Level: Admin
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    0    Status: OFF

AntiVirus Information:
===================
AntiVirus Software Installed:    "Windows Defender"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Windows Defender"

Machine Information
===============================================
Machine ID:    351737100d18fee405806cbba610ca40b45398da
Installation Token:    couldn't Find installation_token
System has been up for:     8.49194 Hours
Current Date:    2016-Jun-09 21:32:34.042836
Date Booted:    2016-Jun-09 13:32:34.043337

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    D:\Games\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exeREG_SZ        HIGHDPIAWARE
    C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exeREG_SZ        HIGHDPIAWARE
    D:\GOG Games\Temple of Elemental Evil\ToEE.exeREG_SZ        RUNASADMIN HIGHDPIAWARE
    D:\GOG Games\Temple of Elemental Evil\TFE-X.exeREG_SZ        ~ RUNASADMIN


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 27008     BYTES    FileVersion: 0.1.16.0    MD5: [78bff5425e044086e74e78650a359fbb]
C:\Windows\system32\drivers\mwac.sys
File Size: 65408     BYTES    FileVersion: 1.0.6.0    MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES    FileVersion: 1.1.22.0    MD5: [1239597bab7eed2bb16d035af87e65d9]

--------------MBAMProtector:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    ErrorControl                  REG_DWORD        1
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    DependOnService               REG_MULTI_SZ    RpcSs

    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    ErrorControl                  REG_DWORD        3
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000


C:\Windows\system32\drivers\fltmgr.sys
File Size: 377696    BYTES    FileVersion: 6.2.10586.0    MD5: [25d7a58625e1453e40d36825de74e4f1]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 609824    BYTES    FileVersion: 6.0.81.5    MD5: [e2bed335446b7321ff38a138b3962e8a]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES    FileVersion: 6.1.98.46    MD5: [273676426739b02a45a0fc9349500b65]
C:\Windows\SysWOW64\olepro32.dll
File Size: 88576     BYTES    FileVersion: 6.2.10586.162    MD5: [8ce4d365ef60da0a098757371dd43752]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              true
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       3000
ScanHistory:
    Duration_Driver:                                           0
    Duration_Filesystem:                                       96000
    Duration_Heuristics:                                       8000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          44000
    Duration_Registry:                                         3000
    Duration_Sector:                                           0
    Duration_Startup:                                          7000
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      6890
    ItemCount_Heuristics:                                      108509
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        38948
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         447
    LastScanDateEpoch:                                         0
    LastScanType:                                              0 (No Previous Scans)
Update:
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Free
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false
--------------Access Policies:--------------

Scheduler Queue:
================


Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old

 

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

    WOW64                         REG_DWORD        1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    DependOnService               REG_MULTI_SZ    MBAMProtector

    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0

MBAMScheduler Registry Values:
==============================

 

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local

LAN Settings:
=============

No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume3

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins

C:\Users\presence\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

 


  • Root Admin

Can you please ATTACH these logs? The forum layout can change the content as well as the line layout. I like to open the original files in an editor to scan for things.

Why do you have so many instances of Chrome if you're just updating these logs?

 

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 


  • Root Admin

We'll see. Many fixes need to have browsers and apps shut down. Have to run for a bit. Be back in a while and re-read your logs. If nothing obvious is found, we'll need to move on to Process Monitor probably and see if that can help us track down why it's not running.

 


  • Root Admin

The logs show that Windows 10 is having its own issues and needs to be repaired. I'm not saying this is the issue but you do need to try and fix Windows so that we know it's working well.

Please see the following site on running the repair.

How to Repair Windows 10 Image using DISM
http://www.tenforums.com/tutorials/7808-dism-repair-windows-10-image.html

Dism /Online /Cleanup-Image /RestoreHealth

 


Strangely, no errors when I run these tools:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>dism /online /cleanup-image /checkhealth

Deployment Image Servicing and Management tool
Version: 10.0.10586.0

Image Version: 10.0.10586.0

No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>dism /online /cleanup-image /scanhealth

Deployment Image Servicing and Management tool
Version: 10.0.10586.0

Image Version: 10.0.10586.0

[==========================100.0%==========================]
No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>dism /online /cleanup-image /restorehealth

Deployment Image Servicing and Management tool
Version: 10.0.10586.0

Image Version: 10.0.10586.0

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

 
