Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help clean my pc yet again.


  • This topic is locked This topic is locked
10 replies to this topic

#1 angaar

angaar

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 May 2016 - 01:12 PM

   PC is running so slow. Games won't start or update. youtube hardly works. Here is latest Adware cleaner scan log.

 

# AdwCleaner v5.117 - Logfile created 25/05/2016 at 14:04:54
# Updated 15/05/2016 by Xplode
# Database : 2016-05-25.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Dee - DEXTER
# Running from : C:\Users\Dee\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1176 bytes] - [22/03/2016 18:06:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1266 bytes] - [29/03/2016 15:49:08]
C:\AdwCleaner\AdwCleaner[C3].txt - [1627 bytes] - [09/04/2016 22:56:23]
C:\AdwCleaner\AdwCleaner[C4].txt - [2889 bytes] - [14/05/2016 23:19:22]
C:\AdwCleaner\AdwCleaner[C5].txt - [2735 bytes] - [14/05/2016 23:22:54]
C:\AdwCleaner\AdwCleaner[C6].txt - [2882 bytes] - [16/05/2016 09:11:37]
C:\AdwCleaner\AdwCleaner[C7].txt - [3029 bytes] - [16/05/2016 11:35:00]
C:\AdwCleaner\AdwCleaner[C8].txt - [1784 bytes] - [25/05/2016 14:04:54]
C:\AdwCleaner\AdwCleaner[S10].txt - [1620 bytes] - [11/04/2016 23:53:47]
C:\AdwCleaner\AdwCleaner[S11].txt - [1694 bytes] - [12/04/2016 10:58:36]
C:\AdwCleaner\AdwCleaner[S12].txt - [1768 bytes] - [12/04/2016 23:58:38]
C:\AdwCleaner\AdwCleaner[S13].txt - [1843 bytes] - [25/04/2016 15:58:19]
C:\AdwCleaner\AdwCleaner[S14].txt - [1942 bytes] - [28/04/2016 20:39:09]
C:\AdwCleaner\AdwCleaner[S15].txt - [2016 bytes] - [02/05/2016 11:36:57]
C:\AdwCleaner\AdwCleaner[S16].txt - [2090 bytes] - [10/05/2016 10:19:05]
C:\AdwCleaner\AdwCleaner[S17].txt - [2164 bytes] - [11/05/2016 09:30:38]
C:\AdwCleaner\AdwCleaner[S18].txt - [2238 bytes] - [11/05/2016 22:51:31]
C:\AdwCleaner\AdwCleaner[S19].txt - [2710 bytes] - [14/05/2016 23:18:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [990 bytes] - [22/03/2016 17:59:43]
C:\AdwCleaner\AdwCleaner[S20].txt - [2568 bytes] - [14/05/2016 23:22:16]
C:\AdwCleaner\AdwCleaner[S21].txt - [2715 bytes] - [16/05/2016 09:10:21]
C:\AdwCleaner\AdwCleaner[S22].txt - [2862 bytes] - [16/05/2016 11:33:32]
C:\AdwCleaner\AdwCleaner[S23].txt - [3441 bytes] - [25/05/2016 14:03:06]
C:\AdwCleaner\AdwCleaner[S24].txt - [3509 bytes] - [25/05/2016 14:04:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [889 bytes] - [22/03/2016 18:09:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [961 bytes] - [25/03/2016 21:05:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [1098 bytes] - [29/03/2016 15:48:14]
C:\AdwCleaner\AdwCleaner[S5].txt - [1181 bytes] - [29/03/2016 20:40:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [1254 bytes] - [02/04/2016 11:12:36]
C:\AdwCleaner\AdwCleaner[S7].txt - [1454 bytes] - [09/04/2016 22:53:48]
C:\AdwCleaner\AdwCleaner[S8].txt - [1473 bytes] - [10/04/2016 13:49:55]
C:\AdwCleaner\AdwCleaner[S9].txt - [1546 bytes] - [10/04/2016 14:06:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [3621 bytes] ##########
 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:28 AM

Posted 25 May 2016 - 02:44 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
  • 1.
    Scan with Zemana AntiMalware Free:
    • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
    • Please download and install Zemana AntiMalware Free
    • Double-click software shortcut on the desktop and follow the prompts to install the program .
    • If an update is available, click the Update now button.
    • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
    • Auto Launch > Untick the box next
    • Scan type > Smart scan (Default)
    • Close all open files, folders and browsers
    • Click scan now ''Run as Administrator'' and a threat Scan will begin.
    • When the scan is complete, Press report and send me report.
    • Please PC restart now.
    2.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 angaar

angaar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 May 2016 - 03:54 PM

I'm having a hard time trying to get Zemana to run. It installs, creates a desktop icon but then that icon disappears. I try going to install folder and double click on application to run and nothing.

 

edit: seems to be running. but it is scanning and i didn't click scan.


Edited by angaar, 25 May 2016 - 03:57 PM.


#4 angaar

angaar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 May 2016 - 04:00 PM

emana AntiMalware 2.20.179.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016-5-25
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-4460 CPU @ 3.20GHz
BIOS Mode              : Legacy
CUID                   : 00E076E4D23DF04ABB4B74
Scan Type              : Scheduled Scan
Duration               : 0m 52s
Scanned Objects        : 12329
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

USB\VID_054C&PID_0268 (libwdi autogenerated)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B0F34D8B96F8037808364C442A44C0AF86D69288\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B0F34D8B96F8037808364C442A44C0AF86D69288\Blob = 19000000010000001000000037499B1EEF0861DC9EE02514B14A43950F00000001000000140000003E759AADC35834587FBDBAFB2057CC2A08C75444030000000100000014000000B0F34D8B96F8037808364C442A44C0AF86D692880B000000010000000E0000006C00690062007700640069000000140000000100000014000000CE8DF41FDE645D3FAD6C3A44D8ADCD32BA46AEFE2000000001000000CC020000308202C830820231A0030201020210285B4FC4C81CD5B044DC2F93459788A9300D06092A864886F70D010105050030633161305F06035504031E58005500530042005C005600490044005F00300035003400430026005000490044005F003000320036003800200028006C006900620077006400690020006100750074006F00670065006E0065007200610074006500640029301E170D3136303330373133323734325A170D3239303130313030303030305A30633161305F06035504031E58005500530042005C005600490044005F00300035003400430026005000490044005F003000320036003800200028006C006900620077006400690020006100750074006F00670065006E006500720061007400650064002930819F300D06092A864886F70D010101050003818D0030818902818100D27E5F19888E1CF76B7BB8A49BFBDFB2A5BC536369CD70BED6019319AE04A64F1934267F7087DB85AEC1CC0D01F419CE91FF34575D99DA2B1AD0F5CF14D31C2FA10A1F45D13F9229E828893A7B9E04C350EDAA99DECC5EBDE809BF270E4A1DD138CF4F975D7A35D675540BE41AB30AF088250FCC7779F3FC7CB4600D3E5A47C90203010001A37D307B30160603551D250101FF040C300A06082B0601050507030330200603551D07041930178615687474703A2F2F6C69627764692E616B656F2E6965303F0603551D2004383036303406082B060105050702013028302606082B06010505070201161A687474703A2F2F6C69627764692D6370732E616B656F2E696500300D06092A864886F70D0101050500038181001FA137AA12EED905140FFAFCD716372B9562F82FEC20DD179AAD8133B4F599822B1D9ECDA2101034523F9BB4F36110089D59614B1E3291C505E524B25F0ED13F5CA9BF559B2819039C2EF37B0F5728BDAEBBC1D3CE85351B24608B3889C6C9377610593ADECC6025C8AA1CFA2A17B34B53B8145E6C7FF9C0965DA1DCA2D2A518

DigiCert Assured ID Code Signing CA-1
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\53E425C3FB93B9C0A0B3CD501BA2782EC65515EC\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\53E425C3FB93B9C0A0B3CD501BA2782EC65515EC\Blob = 190000000100000010000000B010A99BD54043BD8275CE1E643A129A0F000000010000001400000027938B39783737966FB836D703BC71E57A58752203000000010000001400000053E425C3FB93B9C0A0B3CD501BA2782EC65515EC140000000100000014000000D9412EFE98B8E1CE87E6D9330185410B8FE7A72F200000000100000087060000308206833082056BA00302010202100FA086E6DCEFEB28E3A2B11C6E4F69A5300D06092A864886F70D0101050500306F310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312E302C060355040313254469676943657274204173737572656420494420436F6465205369676E696E672043412D31301E170D3133303430343030303030305A170D3136303430373132303030305A304F310B30090603550406130244453110300E0603550407130748616D6275726731163014060355040A130D426967706F696E7420476D6248311630140603550403130D426967706F696E7420476D624830820122300D06092A864886F70D01010105000382010F003082010A0282010100A4141AA9757ACC20DE2714C66160B541F726281322F78AC2321A5FAA67EC51918D4BC240907CA8685774E50DBCCA5FA93039EC0E5E3F07AC607FAF86C38C3821BD8394DB550368724AAD7F935BB9FE73B3CA2F88F5A0BBEFB3124380ACB9C925FC3E7846FA355F512D86188FA77127D8B127EE9792F8AA826D3AA852440DAF0AD99DFD4B8F08D2063AA3CD060905494967405E9BBB26711D7DB983CC8EC69DC3D275C28037E8C714BA9F4C3ABD8C6F25038C1212D51E0445EDD47129FF1743BDB3174E16CB56A1FB72849CBFA40E69CD0AA7B98FAF713F6FD8E1FABB288791FA0C0271C43755C398BBF338B82B691CF2F0C289EAFB25EB8364A8567676C1756F0203010001A382033930820335301F0603551D230418301680147B68CE29AAC017BE497AE1E53FD6A7F7458F3532301D0603551D0E04160414D9412EFE98B8E1CE87E6D9330185410B8FE7A72F300E0603551D0F0101FF04040302078030130603551D25040C300A06082B0601050507030330730603551D1F046C306A3033A031A02F862D687474703A2F2F63726C332E64696769636572742E636F6D2F617373757265642D63732D32303131612E63726C3033A031A02F862D687474703A2F2F63726C342E64696769636572742E636F6D2F617373757265642D63732D32303131612E63726C308201C40603551D20048201BB308201B7308201B306096086480186FD6C0301308201A4303A06082B06010505070201162E687474703A2F2F7777772E64696769636572742E636F6D2F73736C2D6370732D7265706F7369746F72792E68746D3082016406082B06010505070202308201561E8201520041006E007900200075007300650020006F00660020007400680069007300200043006500720074006900660069006300610074006500200063006F006E0073007400690074007500740065007300200061006300630065007000740061006E006300650020006F00660020007400680065002000440069006700690043006500720074002000430050002F00430050005300200061006E00640020007400680065002000520065006C00790069006E0067002000500061007200740079002000410067007200650065006D0065006E00740020007700680069006300680020006C0069006D006900740020006C0069006100620069006C00690074007900200061006E0064002000610072006500200069006E0063006F00720070006F00720061007400650064002000680065007200650069006E0020006200790020007200650066006500720065006E00630065002E30818206082B0601050507010104763074302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D304C06082B060105050730028640687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274417373757265644944436F64655369676E696E6743412D312E637274300C0603551D130101FF04023000300D06092A864886F70D01010505000382010100357CDEA0FCEFE289C515A7DD6E35ECD5E6388FC113A8A15B95EF30418BAC8CE543E3E5A6B953EA2C930557AA4391174C14DB53C0D35F14F4066D334FB3660D254608523463B66096538A1898BAE2592CA439A7BABD6E5595120672854EDF6AA38A0B64E337747D49D8817A697CE075C2E3BF6031DDA25F4F83D7CF0FC01925FE6AD81030041D9CAEDEF9FD24923D0F1598A1E212DBC7EFFA4CF9DBCE5C2586B3D81BA33136F8E1FCA08F4E141700A9113D802B1936185739F5ED88DD19BFB09AB986534A06E7D099428EDC62F64D757428C5E0BF923ED6487B296642392FC12DCBE83BA8A3B532D51AƯྦྷ籄턄ƯðDigiCert SHA2 Assured ID Code Signing CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3521A51E85463226BC948F5E77821E8820A49F9C\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3521A51E85463226BC948F5E77821E8820A49F9C\Blob = 19000000010000001000000035C2CDEEBF84C1598EA8EA7694FECD5D0F000000010000002000000039A844192E5C625FA8B4C7060988C2981E673C97FED383B4BAFCBDA6C8AA60900300000001000000140000003521A51E85463226BC948F5E77821E8820A49F9C140000000100000014000000A504385BFBC5874FC66E9062A56AA71F4A3DB54D20000000010000001605000030820512308203FAA003020102021008C34635AB9215BA72F239F2BB239318300D06092A864886F70D01010B05003072310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3131302F0603550403132844696769436572742053484132204173737572656420494420436F6465205369676E696E67204341301E170D3136303230333030303030305A170D3139303530323132303030305A304F310B30090603550406130244453110300E0603550407130748616D6275726731163014060355040A130D426967706F696E7420476D6248311630140603550403130D426967706F696E7420476D624830820122300D06092A864886F70D01010105000382010F003082010A0282010100A8FCCF458380214997AAF2FBF02997D6F3537F78756C9E006897336CFC0721AA11EDCFD44DD1D9D2887F8AF0B2FED9C26D29E990A38246CE26D60196FE99B1A4AB9421AF6B9FDF18CBE7F737D35631DB8E8275C5F3A51CDA88F43B5D2701D76F32FC3A4F81635EF670B579FCA2F5FC5413CCA0FEB2C825B14CF43499B0C351761D556C68B021863078F161BB1C6E6F165AAD33CFEA705293F9FA0618E2E223882E5BF0C1791DBB4FEAA5966F579939B7B50F134E77504AEE8999A2E4E050610093AFCC2BBFC4256D3F0828EAD26DF346F91BDF1B5906D8F05D4D44233A527E2EC61B4103AD7665D8A608EB1F5D21288ADB78ABD5EB507C9B6B0B7BA0B6EEDB7B0203010001A38201C5308201C1301F0603551D230418301680145AC4B97B2A0AA3A5EA7103C060F92DF665750E58301D0603551D0E04160414A504385BFBC5874FC66E9062A56AA71F4A3DB54D300E0603551D0F0101FF04040302078030130603551D25040C300A06082B0601050507030330770603551D1F0470306E3035A033A031862F687474703A2F2F63726C332E64696769636572742E636F6D2F736861322D617373757265642D63732D67312E63726C3035A033A031862F687474703A2F2F63726C342E64696769636572742E636F6D2F736861322D617373757265642D63732D67312E63726C304C0603551D2004453043303706096086480186FD6C0301302A302806082B06010505070201161C68747470733A2F2F7777772E64696769636572742E636F6D2F4350533008060667810C01040130818406082B0601050507010104783076302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D304E06082B060105050730028642687474703A2F2F636163657274732E64696769636572742E636F6D2F446967694365727453484132417373757265644944436F64655369676E696E6743412E637274300C0603551D130101FF04023000300D06092A864886F70D01010B050003820101001F8798EC4AA0D04B25FCE8D8B97B9EF540A019EF632C1969B1F602CC5813B1B5295FF07A66EDD4F6DD96556AD255CB546CC5324448A0386CA4BD8CF70E2D7CD87D1BDBA90D3E0022D1DDDC0E642E70EABB9BE80C7966FC085E0E6CDC12DBA342B45A46F675E64E6D8F47E6A376234329007EE11C64A366F764963CF536E884327094B000431F64A742F588DAB9E07804709BB530BA832963686D2EC639A416AACFAB163758E40769496AB775444FB68CA1CF9931330783CAD2F5E3E8573C38E6A67FF4C36CE8ACC8CEFAB0576CB36F27E5ADBE80C6785981DCEF381E4042B7C102741A7B1D6E79666D41E9994A000657EC41B5492708A18DF0F8A1CB1BF6EAC7


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:28 AM

Posted 25 May 2016 - 04:03 PM

The FRST.txt and Addition.txt please?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 angaar

angaar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 May 2016 - 04:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by Dee (administrator) on DEXTER (25-05-2016 17:02:57)
Running from C:\Users\Dee\Desktop
Loaded Profiles: Dee (Available Profiles: User & Dee)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Dee\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Users\Dee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\Run: [Google Update] => C:\Users\Dee\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-24] (Google Inc.)
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-02-29]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-04-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-31] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23
Tcpip\..\Interfaces\{1e0a3af4-f1e2-4e53-a652-864cb390df8b}: [DhcpNameServer] 64.140.114.21 64.140.114.22 64.140.114.23

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?hl=en&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-08-23] (Eyeo GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-08-23] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\tfca9pnf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2016-04-04] (Reto-Moto ApS)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3311186725-2389629427-1582189158-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3311186725-2389629427-1582189158-1002: @talk.google.com/O1DPlugin -> C:\Users\Dee\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3311186725-2389629427-1582189158-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3311186725-2389629427-1582189158-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF user.js: detected! => C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\tfca9pnf.default\user.js [2016-05-14]
FF Plugin ProgramFiles/Appdata: C:\Users\Dee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dee\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Adblock Plus - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\tfca9pnf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-18] ()
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [240416 2016-05-01] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3884464 2015-11-16] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-03] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-03-26] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-03-26] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2016-03-07] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 1999-12-31] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202656 2016-05-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-25] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 17:02 - 2016-05-25 17:03 - 00017059 _____ C:\Users\Dee\Desktop\FRST.txt
2016-05-25 17:02 - 2016-05-25 17:02 - 02383360 _____ (Farbar) C:\Users\Dee\Desktop\FRST64.exe
2016-05-25 17:01 - 2016-05-25 17:02 - 00000551 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-25 17:01 - 2016-05-25 17:01 - 00030060 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-25 17:01 - 2016-05-25 17:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-25 17:01 - 2016-05-25 17:01 - 00000000 ___HD C:\OneDriveTemp
2016-05-25 16:54 - 2016-05-25 16:54 - 00001155 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-05-25 16:54 - 2016-05-25 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-05-25 16:47 - 2016-05-25 16:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-05-25 16:42 - 2016-05-25 16:43 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Dee.job
2016-05-25 16:42 - 2016-05-25 16:42 - 00002466 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Dee
2016-05-25 16:39 - 2016-05-25 16:39 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-05-25 16:38 - 2016-05-25 16:38 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-05-25 16:37 - 2016-05-25 16:37 - 00000000 ____D C:\Users\Dee\AppData\Local\Zemana
2016-05-25 16:36 - 2016-05-25 16:36 - 05543656 _____ ( ) C:\Users\Dee\Downloads\Zemana.AntiMalware.Setup.exe
2016-05-25 14:45 - 2016-05-25 14:45 - 00000000 ____D C:\Program Files\Heroes & Generals
2016-05-25 14:45 - 2016-05-25 14:45 - 00000000 ____D C:\Program Files (x86)\HeroesAndGenerals
2016-05-25 14:03 - 2016-05-25 14:03 - 03651136 _____ C:\Users\Dee\Downloads\AdwCleaner.exe
2016-05-25 13:35 - 2016-05-25 13:35 - 00000222 _____ C:\Users\Dee\Desktop\Heroes & Generals.url
2016-05-24 10:11 - 2016-05-24 10:11 - 01079260 _____ C:\WINDOWS\Minidump\052416-4843-01.dmp
2016-05-24 10:11 - 2016-05-24 10:11 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-23 19:55 - 2016-05-23 19:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-23 19:55 - 2016-05-19 21:57 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-05-23 19:55 - 2016-05-03 22:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-05-23 19:55 - 2016-05-03 22:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-05-23 19:55 - 2016-05-03 22:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-05-23 19:55 - 2016-05-03 22:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-05-23 19:54 - 2016-05-23 19:55 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-05-23 19:53 - 2016-05-22 17:02 - 13509184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-23 19:53 - 2016-05-21 17:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-05-23 19:53 - 2016-05-21 17:09 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-05-23 19:53 - 2016-05-21 17:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 31639096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 25401280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 21802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 21346520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 20305768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 18145256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 17740664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 17662432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 17379520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 14410024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 10642912 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 08733280 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 03811440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 03371648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 02791360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 02419768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00786360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00772152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00708032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00631104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00379480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00178136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00153416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00131768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-05-23 19:53 - 2016-05-20 04:03 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-23 19:53 - 2016-05-20 04:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-05-23 19:53 - 2016-05-20 04:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-05-23 18:09 - 2016-05-23 18:09 - 00002397 _____ C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-22 21:17 - 2016-05-22 21:17 - 00000000 _____ C:\BnetLog.txt
2016-05-22 21:16 - 2016-05-22 21:20 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-05-22 21:16 - 2016-05-22 21:16 - 00001154 _____ C:\Users\Public\Desktop\Diablo II.lnk
2016-05-22 21:16 - 2016-05-22 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-05-22 21:05 - 2016-05-22 21:16 - 00000000 ____D C:\Users\Dee\D2-1.14b-Installer-enUS
2016-05-22 21:05 - 2016-05-22 21:05 - 00000000 ____D C:\Program Files (x86)\D2
2016-05-22 21:04 - 2016-05-22 21:04 - 02769984 _____ (Blizzard Entertainment) C:\Users\Dee\Downloads\Downloader_Diablo2_enUS.exe
2016-05-22 16:10 - 2016-05-22 16:10 - 00002208 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2016-05-22 16:10 - 2016-05-22 16:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-22 16:10 - 2016-05-22 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2016-05-18 16:34 - 2016-05-18 16:34 - 00001683 _____ C:\Users\Dee\Desktop\Robocraft Launcher.lnk
2016-05-18 16:34 - 2016-05-18 16:34 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft Launcher
2016-05-16 11:34 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Apple Computer
2016-05-16 09:09 - 2016-05-16 09:09 - 03651136 _____ C:\Users\Dee\Downloads\adwcleaner_5.117.exe
2016-05-15 11:57 - 2016-05-15 11:57 - 00001563 _____ C:\Users\Dee\Desktop\Diablo III.lnk
2016-05-14 11:37 - 2016-05-11 15:57 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-14 11:37 - 2016-05-11 15:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 14:28 - 2016-05-10 00:05 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436519.dll
2016-05-13 14:28 - 2016-05-10 00:05 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436519.dll
2016-05-13 14:24 - 2016-05-02 01:39 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-05-13 14:24 - 2016-05-02 01:38 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-05-13 14:24 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-13 14:24 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-13 14:24 - 2016-04-14 01:38 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-05-12 15:07 - 2016-05-12 15:07 - 68071424 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-05-12 15:07 - 2016-05-12 15:07 - 05840896 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2016-05-12 15:07 - 2016-05-12 15:07 - 00348160 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-05-12 15:07 - 2016-05-12 15:07 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-05-12 15:07 - 2016-05-12 15:07 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-05-12 15:06 - 2016-05-20 00:11 - 00000000 ____D C:\ProgramData\ProductData
2016-05-12 15:06 - 2016-05-12 15:06 - 00000000 ____D C:\Users\Dee\AppData\Roaming\ProductData
2016-05-12 15:05 - 2016-05-16 11:34 - 00000000 ____D C:\Users\Dee\AppData\LocalLow\IObit
2016-05-12 15:05 - 2016-05-12 15:45 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-05-12 15:05 - 2016-05-12 15:05 - 00001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-05-12 15:05 - 2016-05-12 15:05 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-05-12 15:05 - 2016-05-12 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-05-12 15:04 - 2016-05-25 14:21 - 00000000 ____D C:\ProgramData\IObit
2016-05-12 15:04 - 2016-05-16 11:34 - 00000000 ____D C:\Program Files (x86)\IObit
2016-05-12 15:04 - 2016-05-12 15:06 - 00000000 ____D C:\Users\Dee\AppData\Roaming\IObit
2016-05-11 09:46 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 09:46 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 09:46 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 09:46 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 09:46 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 09:46 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 09:46 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 09:46 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 09:46 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 09:46 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 09:46 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 09:46 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 09:46 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 09:46 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 09:46 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 09:46 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 09:46 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 09:46 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 09:46 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 09:46 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 09:46 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 09:46 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 09:46 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 09:46 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 09:46 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 09:46 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 09:46 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 09:46 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 09:46 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 09:46 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 09:46 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 09:46 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 09:46 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 09:46 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 09:46 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 09:46 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 09:46 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 09:46 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 09:46 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 09:46 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 09:46 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 09:46 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 09:46 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 09:46 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 09:46 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 09:46 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 09:46 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 09:46 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 09:46 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 09:46 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 09:46 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 09:46 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 09:46 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 09:46 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 09:46 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 09:46 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 09:46 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 09:46 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 09:46 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 09:46 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 09:46 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 09:46 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 09:46 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 09:46 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 09:46 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 09:46 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 09:46 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 09:46 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 09:46 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 09:46 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 09:46 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 09:46 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 09:46 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 09:46 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 09:46 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 09:46 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 09:46 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 09:46 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 09:46 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 09:46 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 09:46 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 09:46 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 09:46 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 09:46 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 09:46 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 09:46 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 09:46 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 09:46 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 09:46 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 09:46 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 09:46 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 09:46 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 09:46 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 09:46 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 09:46 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 09:46 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 09:46 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 09:46 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 09:46 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 09:46 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 09:46 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 09:46 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 09:46 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 09:46 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 09:46 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 09:46 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 09:46 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 09:46 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 09:46 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 09:46 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 09:46 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 09:46 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 09:46 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 09:46 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 09:46 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 09:46 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 09:46 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 09:46 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 09:46 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 09:46 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 09:46 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 09:46 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 09:46 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 09:46 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 09:46 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 09:46 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 09:46 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 09:46 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 09:46 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 09:46 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 09:46 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 09:46 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 09:46 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 09:46 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 09:46 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 09:46 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 09:46 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 09:46 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 09:46 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 09:46 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 09:46 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 09:46 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 09:46 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 09:46 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 09:46 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 09:46 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 09:46 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 09:45 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 09:45 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 09:45 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 09:45 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 09:45 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 09:45 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 09:45 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 09:45 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 09:45 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 09:45 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 09:45 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 09:45 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 09:45 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 09:45 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 09:45 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 09:45 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 09:45 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 09:45 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 09:45 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 09:45 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 20:57 - 2016-05-24 21:02 - 00000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002Core.job
2016-05-06 15:53 - 2016-05-06 15:53 - 08696609 _____ C:\D2DV_IX86_1xx_114c.mpq
2016-05-04 22:51 - 2016-05-11 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:38 - 2016-05-24 15:29 - 00000080 _____ C:\Users\Dee\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-04 18:38 - 2016-05-04 18:39 - 00000000 ____D C:\Users\Dee\Documents\Rockstar Games
2016-05-04 18:38 - 2016-05-04 18:39 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-05-04 18:38 - 2016-05-04 18:38 - 00000000 ____D C:\Users\Dee\AppData\Local\Rockstar Games
2016-05-04 18:37 - 2016-05-04 18:38 - 00000000 ____D C:\Program Files\Rockstar Games
2016-05-04 18:37 - 2016-05-04 18:37 - 00002016 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2016-05-04 18:37 - 2016-05-04 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-05-04 18:34 - 2016-05-04 18:36 - 185404072 _____ (Rockstar Games) C:\Users\Dee\Downloads\GTAV_Setup_Tool.exe
2016-05-04 00:36 - 2016-05-04 00:36 - 00000000 ____D C:\Users\Dee\AppData\Roaming\OBS
2016-05-03 22:28 - 2016-05-23 19:48 - 00001278 _____ C:\Users\Dee\Desktop\Uplay.lnk
2016-05-03 22:28 - 2016-05-03 22:32 - 00000000 ____D C:\Users\Dee\AppData\Local\Ubisoft Game Launcher
2016-05-03 22:28 - 2016-05-03 22:28 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-05-03 22:28 - 2016-05-03 22:28 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-05-03 22:23 - 2016-05-03 22:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 22:22 - 2016-05-03 22:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-05-03 16:37 - 2016-05-03 16:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-05-02 18:54 - 2016-05-04 15:47 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-05-02 18:54 - 2016-05-04 15:47 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-05-02 11:33 - 2016-04-27 10:33 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436510.dll
2016-05-02 11:33 - 2016-04-27 10:33 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436510.dll
2016-05-01 10:26 - 2016-05-01 10:26 - 00000222 _____ C:\Users\Dee\Desktop\Rust.url
2016-04-26 19:58 - 2016-04-26 19:58 - 00000000 ____D C:\Program Files (x86)\Webzen
2016-04-26 19:53 - 2016-04-26 19:53 - 00000000 ____D C:\download
2016-04-26 13:54 - 2016-04-26 14:09 - 00000000 ____D C:\Users\Dee\Downloads\The Huntsman Winters War 2016 HD-TS x264 AC3 Exclusive-CPG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 17:02 - 2016-03-17 02:27 - 00000000 ____D C:\FRST
2016-05-25 17:02 - 2015-07-13 11:59 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002UA.job
2016-05-25 17:01 - 2016-03-06 14:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-25 17:01 - 2016-03-06 14:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-25 17:01 - 2015-07-01 15:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-25 17:01 - 2015-06-24 16:26 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-25 17:01 - 2015-06-24 14:50 - 00000000 __RDO C:\Users\Dee\OneDrive
2016-05-25 17:01 - 2015-06-24 14:48 - 00000000 __SHD C:\Users\Dee\IntelGraphicsProfiles
2016-05-25 17:00 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-25 16:58 - 2016-03-06 14:27 - 00000000 ____D C:\Users\Dee
2016-05-25 16:49 - 2016-03-30 01:38 - 00003663 _____ C:\Users\Dee\Desktop\New Text Document.txt
2016-05-25 16:49 - 2016-03-06 14:36 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-25 16:49 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-25 16:37 - 2015-06-24 16:26 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 16:36 - 2015-06-24 14:59 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Skype
2016-05-25 16:32 - 2015-10-20 15:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-25 16:26 - 2015-06-24 15:06 - 00000000 ____D C:\Users\Dee\AppData\Local\Battle.net
2016-05-25 16:24 - 2016-04-12 23:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-25 15:33 - 2015-06-24 15:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-25 14:42 - 2016-02-22 22:41 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-25 14:04 - 2016-03-22 17:59 - 00000000 ____D C:\AdwCleaner
2016-05-25 13:58 - 2016-02-22 19:03 - 00000000 ____D C:\Users\Dee\AppData\LocalLow\Adblock Plus for IE
2016-05-25 13:46 - 2015-10-20 15:42 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-25 10:35 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-25 10:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-24 20:34 - 2015-06-24 15:07 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-05-24 10:11 - 2015-04-17 20:19 - 695390040 _____ C:\WINDOWS\MEMORY.DMP
2016-05-23 19:55 - 2016-03-06 14:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-23 19:55 - 2015-04-17 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-22 21:17 - 2015-06-24 15:06 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-05-22 19:54 - 2015-09-11 17:48 - 00002231 _____ C:\Users\Dee\Desktop\erer.txt
2016-05-21 14:33 - 2016-03-06 15:01 - 00325368 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-05-20 19:43 - 2015-06-24 14:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-20 00:46 - 2015-07-28 21:02 - 00000000 ____D C:\Users\Dee\AppData\LocalLow\Heroes and Generals
2016-05-19 22:08 - 2016-03-06 14:27 - 06348344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-19 22:08 - 2016-03-06 14:27 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-19 22:08 - 2016-03-06 14:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-19 22:08 - 2016-03-06 14:27 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-19 22:08 - 2016-03-06 14:27 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-19 22:08 - 2016-03-06 14:27 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-19 22:08 - 2015-12-22 12:32 - 00533560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-19 22:08 - 2015-12-22 12:32 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-18 16:34 - 2015-10-09 22:21 - 00000000 ____D C:\Games
2016-05-18 09:52 - 2015-12-15 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-18 09:52 - 2015-06-24 14:59 - 00000000 ____D C:\ProgramData\Skype
2016-05-18 04:37 - 2016-03-06 14:27 - 06448223 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-15 18:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-14 11:37 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 14:24 - 2015-06-24 14:48 - 00000000 ____D C:\Users\Dee\AppData\Local\NVIDIA
2016-05-12 19:24 - 2016-04-12 23:58 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-12 15:09 - 2016-03-06 17:25 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-12 01:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-11 23:30 - 2016-03-06 14:35 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 23:29 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 23:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 23:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 23:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 09:54 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 09:54 - 2015-06-25 03:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 09:51 - 2015-06-25 03:32 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 09:29 - 2016-02-22 22:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-10 20:57 - 2015-07-13 11:59 - 00004028 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002UA
2016-05-10 20:57 - 2015-07-13 11:59 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002Core
2016-05-10 20:32 - 2015-06-24 16:26 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:32 - 2015-06-24 16:26 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-05 15:26 - 2016-01-14 17:55 - 00000000 ____D C:\Users\Dee\AppData\Local\CrashDumps
2016-05-05 13:14 - 2015-06-24 14:48 - 00000000 ____D C:\Users\Dee\AppData\Local\Packages
2016-05-04 18:37 - 2015-04-17 20:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-04 18:35 - 2015-10-19 10:34 - 00002017 _____ C:\Users\Dee\Desktop\ips.txt
2016-05-04 09:31 - 2015-07-19 18:30 - 00000000 ____D C:\ProgramData\Origin
2016-05-04 00:33 - 2015-06-24 19:43 - 00000000 ____D C:\Users\Dee\Documents\My Games
2016-05-03 16:37 - 2015-07-19 18:30 - 00000000 ____D C:\Program Files (x86)\Origin
2016-05-02 17:54 - 2015-10-09 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-02 14:03 - 2015-11-15 17:31 - 00001592 _____ C:\Users\Dee\Desktop\Email.txt
2016-05-02 01:39 - 2015-04-17 20:43 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-05-02 01:38 - 2015-12-01 23:55 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-05-02 01:38 - 2015-04-17 20:43 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-05-01 10:35 - 2015-06-26 23:17 - 00240416 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-04-27 23:33 - 2015-06-24 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-26 19:52 - 2015-11-23 23:26 - 00000000 ____D C:\ProgramData\WEBZEN

==================== Files in the root of some directories =======

2016-03-25 21:21 - 2016-03-25 21:21 - 0192829 _____ () C:\Users\Dee\AppData\Local\ars.cache
2016-03-25 21:21 - 2016-03-25 21:21 - 0598003 _____ () C:\Users\Dee\AppData\Local\census.cache
2016-03-25 21:14 - 2016-03-25 21:14 - 0000036 _____ () C:\Users\Dee\AppData\Local\housecall.guid.cache
2016-03-25 21:17 - 2016-03-25 21:17 - 0000010 _____ () C:\Users\Dee\AppData\Local\sponge.last.runtime.cache
2016-03-06 14:27 - 2016-03-06 14:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Dee\AppData\Local\Temp\libeay32.dll
C:\Users\Dee\AppData\Local\Temp\msvcr120.dll
C:\Users\Dee\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-25 14:56

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by Dee (2016-05-25 17:03:51)
Running from C:\Users\Dee\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-06 18:35:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3311186725-2389629427-1582189158-500 - Administrator - Disabled)
Dee (S-1-5-21-3311186725-2389629427-1582189158-1002 - Administrator - Enabled) => C:\Users\Dee
DefaultAccount (S-1-5-21-3311186725-2389629427-1582189158-503 - Limited - Disabled)
Guest (S-1-5-21-3311186725-2389629427-1582189158-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3311186725-2389629427-1582189158-1004 - Limited - Enabled)
User (S-1-5-21-3311186725-2389629427-1582189158-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{66A71D83-289C-4521-A986-F62AE7E7BC5F}) (Version: 1.4.798 - Eyeo GmbH)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - Crate Entertainment)
H&R Block 2015 1.5 (HKLM-x32\...\{7E4C0771-A265-496C-A1DD-7865E590AF96}) (Version: 1.5 - H&R Block)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.142 - IObit)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 362.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.6.1.5336 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\{c230e92b-403e-419d-a09e-2f615180741e}) (Version: 2.2.2.56756 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.2.56756 - Grinding Gear Games) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
Robocraft Launcher version 0.4 (HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.4 - Freejam Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.613 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dee\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {112E0163-D807-46AE-993B-86FAF8C57DEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2E251C33-FAFA-4C48-941C-7A23CF11CCE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002Core => C:\Users\Dee\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {3AD8C326-8A99-4E82-BD3A-B3C5DAA844BF} - System32\Tasks\Uninstaller_SkipUac_Dee => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-04-27] (IObit)
Task: {406C74AF-871B-4232-BDA1-9719BFC1D855} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {58F35BA7-1CA2-49E6-B3E0-84FE80ACDCA1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {8DBC9E6F-23A0-4FE4-9ECE-EA69BD60D788} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002UA => C:\Users\Dee\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {9131F407-8D9C-453A-B902-DA7E8CD6BA64} - System32\Tasks\pc shut down at night => shutdown
Task: {9441E460-31A2-471D-B024-A5047938D6F5} - System32\Tasks\shut down => shutdown
Task: {BCFA78F7-77C3-4C7D-88CD-A8E3A6508DDB} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {D4C3A0D4-AD73-4D60-B5E2-6E3193DD01A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {EEF4EC76-71EF-42D5-9B78-907AA381AAA6} - System32\Tasks\IntelMemoryDiagnostic => %ApplicationDataFolder%\d3dx10.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002Core.job => C:\Users\Dee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3311186725-2389629427-1582189158-1002UA.job => C:\Users\Dee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Dee.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-06 14:27 - 2016-05-19 22:08 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-12 01:43 - 2016-05-12 01:43 - 00307712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\8646218657a9e1a03dfd1082f11cb43d\ReactiveSockets.ni.dll
2014-05-02 12:52 - 2014-05-02 12:52 - 00599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 07:55 - 2014-05-02 07:55 - 00185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 07:05 - 2014-05-02 07:05 - 00173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2015-08-28 17:30 - 2016-03-26 11:49 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2016-05-13 14:24 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-13 14:24 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-13 14:24 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-13 14:24 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-28 13:53 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-28 13:53 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-28 13:53 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-23 11:14 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-14 09:50 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 09:50 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 18:09 - 2016-05-23 18:09 - 00959168 _____ () C:\Users\Dee\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-25 16:48 - 2016-05-25 16:48 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-03-06 17:23 - 2016-03-06 17:23 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 09:45 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 09:46 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 09:46 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 09:46 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 09:46 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-13 14:24 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-13 14:24 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-12 15:05 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-04-20 11:57 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-23 18:09 - 2016-05-23 18:09 - 00679624 _____ () C:\Users\Dee\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-12 15:05 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-05-12 15:05 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-06-24 16:28 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dee:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-02-27 11:31 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 64.140.114.21 - 64.140.114.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3311186725-2389629427-1582189158-1002\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{22C086E8-9520-4675-9647-DF5C2857CD5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCAB0499-5859-4C37-99E6-D4C0EF1DF113}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11E74A00-6EAA-410A-8721-A9FAE1B84285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{E5FFB1AB-5D1E-4B0E-9CF7-25D0520D89F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{F267F233-9296-4DD0-93EA-4BE2E12BA41A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{03B34DDD-C414-43F5-96E0-8188858751AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{16217159-4A14-4130-9626-02F113F6211F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CAD5479A-D4DA-4AA0-9CA3-6978A34DAC94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B326726F-9DD9-44E5-A6E1-720896C1C9E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CD669436-9B9D-4427-A9C0-CD5C5F3B2F78}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A36C3FF7-C8C9-46A6-B65D-897ACB0CFFFA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0E62C935-7DC8-486D-9D2C-C105507917EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B223E0AE-0389-4638-BB3B-5FC2223BFFE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{42C46D14-39FB-48D9-8909-2A42B4327250}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6FEB6FE3-44AA-4A3F-8C12-94537F73C521}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9D4C185-335D-4FEF-AF30-37E340940DD3}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{C1E92581-F09C-4220-9B7F-B7477B4805A4}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{EFB5E7F3-CF86-4571-BF9B-3AB8C8546445}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5E6C8981-0C38-4633-AD71-26D8EA71DD64}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{4E6612AF-B425-4514-859A-670BF7C0A663}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5CDA0E83-7CE5-4F6D-8EB7-7A2F1509E154}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7E66AE27-FDE0-43DF-8EE9-67D9550D6352}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BB3B4105-736D-4D92-B669-43E3DF4C2F31}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{859BBA66-5848-45D9-96F7-908280CFCA7C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{115844FA-2CC6-4549-B469-93DABA629BB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D1BA9572-0D09-4DBF-936F-53476EF7A043}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E8D2EAB2-7EB7-4DF7-BE26-186E51983400}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2CF431F8-2654-4C15-B153-32234F30043D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{2CC5E347-8F95-449B-B427-89E87083220E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{6F7D8F53-99B5-4B98-97F7-4BDD6BBFE0A9}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{91E9A28B-A03C-4352-A0E1-C8145CE30338}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{91F4F54D-E084-49B5-BFF1-64DA776D1FCF}C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe] => (Block) C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe
FirewallRules: [UDP Query User{EFF54432-A46B-477F-806A-D0F7B49676B3}C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe] => (Block) C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe
FirewallRules: [{FC7F7261-9A18-4039-A426-2F6A77EBF055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{693C8108-249B-47DB-A327-933CFC52217A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [TCP Query User{0BBDE9A1-8328-4CA9-8F00-7B24EEE62566}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{07E5BE5C-7278-4B90-84D8-1E86FD8082B1}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{4D8AE30B-4CF5-4081-8794-26DAA9FC4A8F}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{4CF2BB77-A435-466D-A3F5-17CAE9531C38}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{10C9EA7B-C66F-4204-A779-C359C845A9A0}C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe] => (Block) C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe
FirewallRules: [UDP Query User{1DB1B9F7-E59D-41CE-96C5-BFD0D03109CA}C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe] => (Block) C:\games\igg-empyrion.galactic.survival.v1.2.0\empyrion.exe
FirewallRules: [TCP Query User{FF14AD65-4DEB-49C5-B9C4-AD24A3AE00E0}C:\users\dee\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\dee\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{F22B7B61-8495-4998-B1B6-3CA4B9091862}C:\users\dee\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\dee\downloads\downloader_diablo2_enus.exe
FirewallRules: [{A3EDE3A1-6DCB-43CC-9593-D62A4FCD74E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F53CF425-7DA2-45D3-8AAA-C4616C5D3051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{BAD0F4D0-F07A-4634-B819-8C118FB79BB7}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe
FirewallRules: [{64DD4C33-DFCE-48DD-BE75-6C837D620A2B}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe

==================== Restore Points =========================

22-05-2016 16:10:38 Path of Exile

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2016 04:51:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10586.306 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ce4

Start Time: 01d1b6c715d2d2ff

Termination Time: 24

Application Path: C:\Windows\explorer.exe

Report Id: 64444857-22ba-11e6-834b-fcaa14a6e373

Faulting package full name:

Faulting package-relative application ID:

Error: (05/25/2016 04:50:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10586.306 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1340

Start Time: 01d1b6c62dee620d

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 52e48c55-22ba-11e6-834b-fcaa14a6e373

Faulting package full name:

Faulting package-relative application ID:

Error: (05/25/2016 02:05:46 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6996) {5302ED07-9960-4C39-9595-C3A5C15CD5F1}: Database recovery/restore failed with unexpected error -543.

Error: (05/25/2016 02:05:45 PM) (Source: ESENT) (EventID: 453) (User: )
Description: SettingSyncHost (6996) {5302ED07-9960-4C39-9595-C3A5C15CD5F1}: Database C:\Users\Dee\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb requires logfiles 8-9 (C:\Users\Dee\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00008.log - C:\Users\Dee\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 8 (SettingSyncHost0).

Error: (05/25/2016 02:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x970
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (05/25/2016 02:05:01 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2416) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/25/2016 01:19:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000005
Fault offset: 0x0000000000067e3c
Faulting process id: 0x2390
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5

Error: (05/24/2016 10:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000005
Fault offset: 0x0000000000067e3c
Faulting process id: 0x1764
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5

Error: (05/24/2016 03:43:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GTA5.exe version 1.0.678.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: dd8

Start Time: 01d1b5f29a8dda61

Termination Time: 4294967295

Application Path: C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe

Report Id: d2dff471-21e7-11e6-8349-fcaa14a6e373

Faulting package full name:

Faulting package-relative application ID:

Error: (05/24/2016 01:10:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: Windows.Gaming.Input.dll, version: 10.0.10586.0, time stamp: 0x5632da39
Exception code: 0xc0000005
Fault offset: 0x000000000000eecd
Faulting process id: 0x2ac
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report Id: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5


System errors:
=============
Error: (05/25/2016 05:04:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/25/2016 05:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4559b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 05:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4559b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 05:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4559b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 05:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4559b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 05:00:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2016 04:49:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/25/2016 04:47:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/25/2016 04:43:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_47b63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/25/2016 04:43:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_47b63 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-14 23:23:15.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 11:42:40.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 15:08:15.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 23:30:04.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 12:16:36.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 04:30:38.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 11:22:26.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 10:21:13.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 03:47:32.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 04:51:57.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8086.02 MB
Available physical RAM: 5983.84 MB
Total Virtual: 9622.02 MB
Available Virtual: 7420.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.79 GB) (Free:58.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6EC6A124)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:28 AM

Posted 25 May 2016 - 04:08 PM

Download 51a46ae42d560-malwarebytes_anti_malware. MalwareBytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.


  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.


  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.


Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 angaar

angaar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 25 May 2016 - 04:20 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-05-25
Scan Time: 5:11 PM
Logfile: scan2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.25.07
Rootkit Database: v2016.05.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342266
Time Elapsed: 3 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Files


Edited by angaar, 25 May 2016 - 04:21 PM.


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:28 AM

Posted 26 May 2016 - 10:08 AM

I'm seeing nothing that would indicate Malware on this computer.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
Ymy7crZ.png

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 angaar

angaar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 29 May 2016 - 06:40 PM

Thank you for your help. It would seem the problem is my ISP.



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:28 AM

Posted 02 June 2016 - 08:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users