Solved Virus, please help, thank you so much!! FRST file here

Broni · May 3, 2016

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Bunbun · May 3, 2016

Combofix log

ComboFix 16-04-29.01 - Nancy 05/03/2016 20:01:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8135.6025 [GMT -4:00]
Running from: e:\desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20150505.txt
c:\cflog\CrashLog_20150518.txt
c:\cflog\CrashLog_20150519.txt
c:\cflog\CrashLog_20150731.txt
c:\cflog\CrashLog_20150804.txt
c:\cflog\EPLog.txt
c:\programdata\1462149135
c:\programdata\1462149135\s9.zip.dl
c:\users\Nancy\AppData\Local\assembly\tmp
c:\users\Nancy\AppData\Local\cap4.exe
c:\users\Nancy\AppData\Local\ddnow4.exe
c:\users\Nancy\AppData\Local\tinstall4.exe
c:\users\Nancy\AppData\Roaming\Blackfax.exe
c:\users\Nancy\AppData\Roaming\StrongQvoeco.exe
c:\users\Nancy\avcodec-53.dll
c:\users\Nancy\avformat-53.dll
c:\users\Nancy\avutil-51.dll
c:\windows\dll.dll
c:\windows\Install
c:\windows\Install\AsusSetup.exe
c:\windows\Install\AsusSetup.exe.manifest
c:\windows\Install\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup.exe
c:\windows\Install\Driver\AsusSetup.exe.manifest
c:\windows\Install\Driver\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup32.ini
c:\windows\Install\Driver\AsusSetup64.ini
c:\windows\Install\Driver\English.ini
c:\windows\Install\Driver\French.ini
c:\windows\Install\Driver\German.ini
c:\windows\Install\Driver\Japanese.ini
c:\windows\Install\Driver\Korean.ini
c:\windows\Install\Driver\mup.xml
c:\windows\Install\Driver\Russian.ini
c:\windows\Install\Driver\SChinese.ini
c:\windows\Install\Driver\SetupRST.exe
c:\windows\Install\Driver\Spanish.ini
c:\windows\Install\Driver\TChinese.ini
c:\windows\Install\netfx\AsusSetup.exe
c:\windows\Install\netfx\AsusSetup.exe.manifest
c:\windows\Install\netfx\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe.manifest
c:\windows\Install\netfx\dotnetfx45\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\Installer.bat
c:\windows\Install\netfx\dotnetfx45\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
c:\windows\SysWow64\DEBUG.log
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-04-04 to 2016-05-04 )))))))))))))))))))))))))))))))
.
.
2016-05-04 00:04 . 2016-05-04 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-04 00:04 . 2016-05-04 00:04 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-05-03 03:58 . 2016-05-03 03:59 -------- d-----w- C:\AdwCleaner
2016-05-03 03:28 . 2016-05-03 23:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-03 03:28 . 2016-05-03 03:28 -------- d-----w- c:\programdata\Malwarebytes
2016-05-03 03:28 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-03 03:28 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-03 03:28 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-03 02:46 . 2016-05-03 02:46 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-03 02:46 . 2016-05-03 03:34 -------- d-----w- c:\programdata\RogueKiller
2016-05-02 13:03 . 2016-05-02 13:03 1264640 ----a-w- c:\windows\system32\bi2.exe
2016-05-02 00:55 . 2016-05-02 00:55 -------- d-----w- C:\FRST
2016-05-02 00:34 . 2016-05-03 03:33 -------- d-----w- c:\program files (x86)\herc
2016-05-02 00:34 . 2016-05-02 00:34 -------- d-----w- c:\program files (x86)\InternetPlus
2016-05-02 00:34 . 2016-05-02 00:34 -------- d-----w- c:\program files (x86)\disassociation
2016-05-02 00:34 . 2016-05-03 04:22 -------- d-----w- C:\a
2016-05-02 00:34 . 2016-05-03 03:33 -------- d-----w- c:\program files (x86)\dissertation
2016-05-02 00:34 . 2016-05-02 00:34 -------- d-----w- c:\program files (x86)\scantily
2016-05-02 00:34 . 2016-05-02 00:34 -------- d-----w- c:\program files (x86)\domingo
2016-05-02 00:32 . 2016-05-02 00:32 -------- d-----w- c:\users\Nancy\AppData\Roaming\c
2016-05-02 00:29 . 2016-05-02 00:29 8192 ----a-w- c:\windows\cicada.exe
2016-05-02 00:29 . 2016-05-02 00:29 8704 ----a-w- c:\windows\mongolians.exe
2016-05-02 00:29 . 2016-05-02 00:29 41512 ----a-w- c:\windows\responsiveness.exe
2016-05-02 00:29 . 2016-05-02 00:29 36864 ----a-w- c:\windows\imperceptibly.exe
2016-05-02 00:27 . 2016-05-02 00:27 -------- d-----w- c:\windows\system32\iup
2016-05-02 00:27 . 2016-05-03 03:33 -------- d-----w- c:\program files (x86)\SecuriDex
2016-05-02 00:27 . 2016-05-03 03:33 -------- d-----w- c:\program files\Caster
2016-05-02 00:25 . 2016-05-02 00:25 -------- d-----w- C:\uninst
2016-05-02 00:25 . 2016-05-03 03:33 -------- d-----w- c:\users\Nancy\AppData\Roaming\Reuopreux
2016-05-02 00:25 . 2016-05-02 00:25 -------- d-----w- c:\users\Nancy\AppData\Local\Tempfolder
2016-05-02 00:24 . 2016-05-02 00:24 -------- d-----w- c:\users\Nancy\AppData\Roaming\efo
2016-05-01 02:19 . 2016-05-01 02:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2016-05-01 02:19 . 2016-05-01 02:19 -------- d-----w- c:\program files (x86)\QuickTime
2016-04-30 18:59 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C294316-39DE-493D-BE43-F0E4D85BACB3}\mpengine.dll
2016-04-28 21:02 . 2016-04-28 21:02 -------- d-----w- c:\programdata\Creative
2016-04-28 21:02 . 2016-04-28 21:02 -------- d-----w- c:\users\Nancy\AppData\Roaming\RocketFish
2016-04-28 21:02 . 2016-04-28 21:02 -------- d-----w- c:\users\Nancy\AppData\Roaming\Creative
2016-04-28 20:59 . 2016-04-28 20:59 -------- d-----w- c:\program files (x86)\Creative
2016-04-28 20:59 . 2010-03-26 17:37 173056 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
2016-04-28 20:59 . 2009-05-28 14:49 224768 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
2016-04-28 04:15 . 2016-04-28 05:05 -------- d-----w- c:\users\Nancy\AppData\Roaming\Audacity
2016-04-28 04:15 . 2016-04-28 04:15 -------- d-----w- c:\users\Nancy\AppData\Local\Audacity
2016-04-28 04:15 . 2016-04-28 04:15 -------- d-----w- c:\program files (x86)\Audacity
2016-04-28 03:10 . 2016-04-28 03:10 -------- d-----w- c:\program files\Blackmagic Design
2016-04-28 03:09 . 2016-05-03 02:22 -------- d-----w- c:\users\postgres
2016-04-28 03:08 . 2016-04-28 03:08 -------- d-----w- c:\program files\PostgreSQL
2016-04-28 03:07 . 2016-04-28 03:07 -------- d-----w- C:\temp
2016-04-28 02:49 . 2016-04-28 02:51 -------- d-----w- c:\users\Nancy\AppData\Roaming\HandBrake
2016-04-28 02:49 . 2016-04-28 02:49 -------- d-----w- c:\users\Nancy\AppData\Roaming\HandBrake Team
2016-04-28 02:31 . 2016-04-28 02:31 -------- d-----w- c:\program files\Handbrake
2016-04-15 17:21 . 2016-04-15 17:21 -------- d-----w- c:\programdata\Blackmagic Design
2016-04-04 21:39 . 2016-04-04 21:39 -------- d-----w- c:\users\Nancy\AppData\Roaming\CELSYS
2016-04-04 21:35 . 2016-04-04 21:35 -------- d-----w- c:\programdata\CELSYS_EN
2016-04-04 21:35 . 2016-04-04 21:35 -------- d-----w- c:\program files\CELSYS
2016-04-04 17:02 . 2016-04-04 17:02 -------- d-----w- c:\programdata\FEA3F5DE-0F10-454D-B6C0-55E35B170A9D
2016-04-04 17:02 . 2016-04-04 17:02 -------- d-----w- c:\programdata\69B6DBD2-8E05-476F-B662-CF8D235FD499
2016-04-04 17:02 . 2016-04-04 17:02 -------- d-----w- c:\users\Nancy\AppData\Roaming\Smith Micro
2016-04-04 17:01 . 2016-04-04 17:01 -------- d-----w- c:\programdata\Smith Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 19:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-13 05:31 . 2015-04-26 19:55 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-03-17 22:24 . 2016-04-12 22:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-13 17:42 . 2012-07-17 18:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-02-12 18:52 . 2016-03-09 00:53 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 00:53 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 00:53 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 00:53 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 00:53 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 00:53 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 00:53 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 00:53 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 00:53 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 00:53 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 00:53 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 00:53 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 00:53 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 00:53 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 00:53 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 00:53 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 00:52 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 00:52 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 00:52 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 00:52 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 00:52 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 00:52 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 00:52 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 00:52 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 00:52 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 00:52 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 00:52 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 00:52 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 00:52 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 00:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 00:52 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 00:52 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 00:52 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 00:52 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 00:52 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 00:52 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 04:13 . 2016-02-05 04:13 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2016-02-05 04:13 . 2016-02-05 04:13 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2016-02-05 04:03 . 2016-02-05 04:03 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-02-05 04:03 . 2016-02-05 04:03 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-02-05 01:19 . 2016-03-09 00:52 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 00:52 296448 ----a-w- c:\windows\SysWow64\mfds.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 199488 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806232]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Dropbox Update"="c:\users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-04-09 51656320]
"Spotify Web Helper"="c:\users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-04-28 1525360]
"Discord"="c:\users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe" [2016-04-22 53430456]
"Spotify"="c:\users\Nancy\AppData\Roaming\Spotify\Spotify.exe" [2016-04-28 6890608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-04-26 293872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Rocket Live! Central 2"="f:\live! central\RFLVCentral2.exe" [2010-02-24 430247]
"V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-07-21 28672]
"toys"="c:\program files (x86)\dissertation\gaol.exe" [2016-05-02 36864]
.
c:\users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-4-14 23248560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2016-1-6 12869392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
R2 MBAMScheduler;MBAMScheduler;e:\desktop\Malwarebytes Anti-Malware\mbamscheduler.exe;e:\desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;e:\desktop\Malwarebytes Anti-Malware\mbamservice.exe;e:\desktop\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Wyaqki;Wyaqki;c:\users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe;c:\users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe [x]
R3 ArcService;Arc Service;e:\downloads\Arc\ArcService.exe;e:\downloads\Arc\ArcService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
R3 VBAudioVMVAIOMME;VB-Audio VoiceMeeter VAIO (WDM);c:\windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_vmvaio64_win7.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 X6va031;X6va031;c:\windows\SysWOW64\Drivers\X6va031;c:\windows\SysWOW64\Drivers\X6va031 [x]
R3 X6va060;X6va060;c:\windows\SysWOW64\Drivers\X6va060;c:\windows\SysWOW64\Drivers\X6va060 [x]
R3 X6va062;X6va062;c:\windows\SysWOW64\Drivers\X6va062;c:\windows\SysWOW64\Drivers\X6va062 [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0650Vid.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
*Deregistered* - NAL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-03 23:52 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job
- c:\users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 16:17]
.
2016-05-03 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job
- c:\users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 16:17]
.
2016-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13 18:54]
.
2016-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-04-08 18:17 236352 ----a-w- c:\users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-26 7640944]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-12 2655520]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-12 1710752]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-01-08 508128]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-11-20 15033976]
"pollen.exeundependable.exe"="c:\program files (x86)\dissertation\gaol.exe" [2016-05-02 36864]
"toys"="c:\program files (x86)\dissertation\gaol.exe" [2016-05-02 36864]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Nancy\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-Reflector2 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-KakaoTalk - c:\program files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
c:\users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711tidied.lnk - (no file)
c:\users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tidied.lnk - (no file)
AddRemove-KakaoTalk - c:\program files (x86)\Kakao\KakaoTalk\uninstall.exe
AddRemove-BrowserAir - c:\users\Nancy\AppData\Local\BrowserAir\Application\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va021]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va031]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va031"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va060]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va060"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va062]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va062"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-03 20:05:26
ComboFix-quarantined-files.txt 2016-05-04 00:05
.
Pre-Run: 25,116,389,376 bytes free
Post-Run: 26,082,033,664 bytes free
.
- - End Of File - - 5A45D22EDFC2E94B23E8AB3F83721FE5
A36C5E4F47E84449FF07ED3517B43A31

Bunbun · May 3, 2016

One thing I noticed every time I turn on my computer is a prompt that says, "network.exe has stopped working." When I don't click on, "stop the program" my computer shuts off, is that something that I should be worried about? ><

Broni · May 3, 2016

We'll see.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Bunbun · May 3, 2016

Now a new prompt has popped up along with the, "network has stopped working." It says, "C:\Users\Nancy\AppData\Local\Temp\211247Log.iniis lost"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
Ran by Nancy (administrator) on SILENT-KNIGHT (03-05-2016 21:58:29)
Running from E:\Desktop
Loaded Profiles: Nancy & postgres (Available Profiles: Nancy & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Dropbox, Inc.) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) F:\Live! Central\RfLVCentral2.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2015-04-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2015-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Rocket Live! Central 2] => F:\Live! Central\RFLVCentral2.exe [430247 2010-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0650Mon.exe] => C:\Windows\V0650Mon.exe
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Dropbox Update] => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify Web Helper] => C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Discord] => C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify] => C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-05-02]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Bunbun · May 3, 2016

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> E:\Downloads\Arc\Plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Downloads\Arc\plugins\NPSWF32.dll [2015-05-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-04] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Downloads\Arc\Plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-1716612969-2344737603-4151003975-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
CHR StartupUrls: Profile 1 -> "hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Profile 1 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
CHR DefaultSearchKeyword: Profile 1 -> www-searching.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12]
CHR Extension: (BetterTTV) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-25]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]

Bunbun · May 3, 2016

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; E:\Downloads\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2015-04-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MBAMScheduler; E:\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; E:\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 Wyaqki; "C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-28] (BitRaider)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2015-04-25] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-05-24] (Echobit, LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-14] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-30] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-02] ()
R3 V0650Vid; C:\Windows\System32\DRIVERS\V0650Vid.sys [393536 2010-04-01] (Creative Technology Ltd.)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-05-09] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 20:05 - 2016-05-03 20:05 - 00044558 _____ C:\ComboFix.txt
2016-05-03 20:00 - 2016-05-03 20:05 - 00000000 ____D C:\Qoobox
2016-05-03 20:00 - 2016-05-03 20:04 - 00000000 ____D C:\Windows\erdnt
2016-05-03 20:00 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-03 20:00 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-03 20:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-03 20:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-03 20:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-03 20:00 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-03 20:00 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-03 20:00 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-03 00:02 - 2016-05-03 00:02 - 00003516 _____ C:\Windows\System32\Tasks\IBUpd
2016-05-03 00:02 - 2016-05-03 00:02 - 00003260 _____ C:\Windows\System32\Tasks\IBUpd2
2016-05-03 00:01 - 2016-05-03 00:01 - 00004162 _____ C:\Windows\System32\Tasks\SMW_P
2016-05-02 23:58 - 2016-05-02 23:59 - 00000000 ____D C:\AdwCleaner
2016-05-02 23:28 - 2016-05-03 21:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 23:28 - 2016-05-02 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-02 23:28 - 2016-05-02 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-02 23:28 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-02 23:28 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-02 23:28 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-02 22:46 - 2016-05-02 23:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-02 22:46 - 2016-05-02 22:46 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow00723F98
2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow00000000027243C8
2016-05-02 09:03 - 2016-05-02 09:03 - 01264640 _____ C:\Windows\system32\bi2.exe
2016-05-01 23:38 - 2016-05-01 23:38 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow03887D90
2016-05-01 20:58 - 2016-05-01 20:58 - 00002243 _____ C:\Windows\epplauncher.mif
2016-05-01 20:55 - 2016-05-03 21:58 - 00000000 ____D C:\FRST
2016-05-01 20:48 - 2016-05-02 23:37 - 00573760 _____ C:\Windows\ntbtlog.txt
2016-05-01 20:34 - 2016-05-03 00:22 - 00000000 ____D C:\a
2016-05-01 20:34 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\herc
2016-05-01 20:34 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\dissertation
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\scantily
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\InternetPlus
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\domingo
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\disassociation
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\stxtname.txt
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\run.txt
2016-05-01 20:32 - 2016-05-01 20:32 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\c
2016-05-01 20:29 - 2016-05-01 20:29 - 00041512 _____ C:\Windows\responsiveness.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00036864 _____ C:\Windows\imperceptibly.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00008704 _____ C:\Windows\mongolians.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00008192 _____ C:\Windows\cicada.exe
2016-05-01 20:28 - 2016-05-01 20:28 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow0061C778
2016-05-01 20:27 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Caster
2016-05-01 20:27 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\SecuriDex
2016-05-01 20:27 - 2016-05-01 20:27 - 06494208 _____ C:\Users\Nancy\AppData\Roaming\agent.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 01626777 _____ C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst
2016-05-01 20:27 - 2016-05-01 20:27 - 00072717 _____ C:\Users\Nancy\AppData\Roaming\Blackfax.tst
2016-05-01 20:27 - 2016-05-01 20:27 - 00018432 _____ C:\Users\Nancy\AppData\Roaming\Main.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Windows\system32\iup
2016-05-01 20:25 - 2016-05-02 23:33 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Reuopreux
2016-05-01 20:25 - 2016-05-01 20:27 - 00127488 _____ C:\Users\Nancy\AppData\Roaming\Installer.dat
2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\Local\Tempfolder
2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\uninst
2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\efo
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\RocketFish
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Creative
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\ProgramData\Creative
2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocketfish
2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\Program Files (x86)\Creative
2016-04-28 16:59 - 2010-03-26 13:37 - 00173056 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
2016-04-28 16:59 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
2016-04-28 16:59 - 2006-09-19 13:56 - 00057656 ____N C:\Windows\system32\Drivers\FilterPC.bmp
2016-04-28 16:58 - 2010-07-21 09:01 - 00045056 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Pin.dll
2016-04-28 16:58 - 2010-07-21 09:01 - 00044544 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Pin.dll
2016-04-28 16:58 - 2010-07-21 09:01 - 00028672 _____ (Creative Technology Ltd.) C:\Windows\V0650Mon.exe
2016-04-28 16:58 - 2010-06-28 15:50 - 00268800 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Afx.sys
2016-04-28 16:58 - 2010-04-01 09:00 - 00393536 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Vid.sys
2016-04-28 16:58 - 2010-03-26 09:00 - 00069632 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.crl
2016-04-28 16:58 - 2010-03-26 09:00 - 00058880 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.crl
2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\V0650AF.dll
2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\system32\V0650AF.dll
2016-04-28 16:58 - 2010-03-12 20:00 - 00004195 _____ C:\Windows\VF0650.uns
2016-04-28 16:58 - 2010-02-26 10:00 - 00134656 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.ax
2016-04-28 16:58 - 2010-02-26 10:00 - 00114688 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.ax
2016-04-28 16:58 - 2010-02-11 10:00 - 00032768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Hwx.dll
2016-04-28 16:58 - 2010-02-11 10:00 - 00023040 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Hwx.dll
2016-04-28 16:58 - 2009-09-25 15:27 - 00108032 _____ (Creative Technology Ltd.) C:\Windows\CtDrvIns.exe
2016-04-28 16:58 - 2009-09-03 16:47 - 00285696 _____ (Creative Technology Ltd.) C:\Windows\system32\CTAFX64.dll
2016-04-28 16:58 - 2009-06-26 13:40 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamMgr.dll
2016-04-28 16:58 - 2009-06-26 13:40 - 00029184 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamMgr.dll
2016-04-28 16:58 - 2007-08-23 19:46 - 00020480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamPin.crl
2016-04-28 16:58 - 2007-08-23 19:46 - 00010752 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamPin.crl
2016-04-28 16:58 - 2006-09-19 13:56 - 00057656 _____ C:\Windows\system32\Drivers\V0650PC.bmp
2016-04-28 00:15 - 2016-05-02 23:35 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-04-28 00:15 - 2016-04-28 01:05 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Audacity
2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Users\Nancy\AppData\Local\Audacity
2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Program Files\Blackmagic Design
2016-04-27 23:09 - 2016-05-02 22:22 - 00000000 ____D C:\Users\postgres
2016-04-27 23:09 - 2016-04-27 23:09 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-04-27 23:09 - 2016-04-27 23:09 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-04-27 23:09 - 2016-03-15 21:50 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
2016-04-27 23:09 - 2011-04-12 04:28 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\Program Files\PostgreSQL
2016-04-27 23:07 - 2016-04-27 23:07 - 00000000 ____D C:\temp
2016-04-27 22:49 - 2016-04-27 22:51 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake
2016-04-27 22:49 - 2016-04-27 22:49 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake Team
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start

Bunbun · May 3, 2016

Menu\Programs\Handbrake
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Program Files\Handbrake
2016-04-16 19:07 - 2016-04-16 19:07 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Dodge Roll
2016-04-15 13:21 - 2016-04-15 13:21 - 00000000 ____D C:\ProgramData\Blackmagic Design
2016-04-15 13:20 - 2016-04-15 13:20 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Apple Computer
2016-04-14 23:55 - 2016-04-14 23:55 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-12 18:52 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 18:52 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 18:52 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 18:52 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 18:52 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 18:52 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 18:52 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 18:52 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 18:52 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 18:52 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 18:52 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 18:52 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 18:52 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 18:52 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 18:52 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 18:52 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 18:52 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 18:52 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 18:52 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 18:52 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 18:52 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 18:52 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 18:52 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 18:52 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 18:52 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 18:52 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 18:52 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 18:52 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 18:52 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 18:52 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 18:52 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 18:52 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 18:52 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 18:52 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 18:52 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 18:52 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 18:52 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 18:52 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 18:52 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 18:52 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 18:52 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 18:52 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 18:52 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 18:52 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 18:52 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 18:52 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 18:52 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 18:52 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 18:52 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 18:52 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 18:52 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 18:52 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 18:52 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 18:52 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 18:52 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 18:52 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 18:52 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 18:52 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 18:52 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 18:52 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 18:52 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 18:52 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 18:52 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 18:52 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 18:52 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 18:52 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 18:52 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 18:52 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 18:52 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 18:52 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 18:52 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 18:52 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 18:52 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 18:52 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 18:52 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 18:52 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 18:52 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 18:52 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 18:52 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 18:52 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 18:52 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 18:52 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 18:52 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 18:52 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 18:52 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 18:52 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 18:52 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 18:52 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 18:52 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 18:52 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 18:52 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 18:52 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 18:52 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 18:52 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 18:52 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 18:52 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 18:52 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 18:52 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 18:52 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 18:52 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 18:52 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 18:52 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 18:52 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-10 19:34 - 2016-04-10 19:34 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\CampoSanto
2016-04-06 21:35 - 2016-05-02 23:35 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2016-04-06 21:35 - 2016-04-06 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
2016-04-04 17:39 - 2016-04-04 17:39 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\CELSYS_EN
2016-04-04 17:39 - 2016-04-04 17:39 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\CELSYS
2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\ProgramData\CELSYS_EN
2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\Program Files\CELSYS
2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Smith Micro
2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\ProgramData\FEA3F5DE-0F10-454D-B6C0-55E35B170A9D
2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2016-04-04 13:01 - 2016-04-04 13:01 - 00000000 ____D C:\ProgramData\Smith Micro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 21:58 - 2009-07-14 01:13 - 00783646 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-03 21:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-03 21:57 - 2016-01-30 17:07 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Spotify
2016-05-03 21:53 - 2015-04-26 15:53 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Skype
2016-05-03 21:52 - 2016-01-30 17:08 - 00000000 ____D C:\Users\Nancy\AppData\Local\Spotify
2016-05-03 21:52 - 2015-12-13 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 21:52 - 2015-04-25 22:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-03 21:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-03 20:12 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-03 20:12 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-03 20:09 - 2015-12-13 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-03 20:05 - 2015-08-23 12:27 - 00000000 ____D C:\Users\Nancy\AppData\Local\Apps\2.0
2016-05-03 20:04 - 2015-04-25 20:48 - 00000000 ____D C:\Users\Nancy
2016-05-03 20:04 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-05-03 19:54 - 2015-12-13 14:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 19:48 - 2015-06-16 12:17 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job
2016-05-03 00:00 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\discord
2016-05-03 00:00 - 2015-04-26 15:54 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Dropbox
2016-05-02 23:35 - 2016-03-15 22:09 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
2016-05-02 23:35 - 2016-03-15 22:08 - 00001550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
2016-05-02 23:35 - 2016-03-15 22:08 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:50 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-02 23:35 - 2016-03-15 21:15 - 00002557 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-02 23:35 - 2016-03-13 13:42 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-05-02 23:35 - 2016-03-13 13:42 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-05-02 23:35 - 2016-02-05 13:22 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-05-02 23:35 - 2016-01-30 17:08 - 00001773 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-02 23:35 - 2015-11-11 20:14 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-02 23:35 - 2015-07-11 15:02 - 00002597 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-05-02 23:35 - 2015-05-18 20:10 - 00000834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2016-05-02 23:35 - 2015-04-26 19:01 - 00000910 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-05-02 23:35 - 2015-04-26 11:36 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-02 23:35 - 2015-04-26 11:36 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-02 23:35 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-02 23:35 - 2009-07-14 00:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-02 23:35 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-02 23:34 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-02 23:34 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-05-02 22:22 - 2015-05-04 21:47 - 00000000 ____D C:\Users\Nancy\AppData\Local\Adobe
2016-05-01 20:32 - 2016-03-15 21:14 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\uTorrent
2016-05-01 20:30 - 2016-03-15 21:15 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\uTorrent
2016-05-01 20:27 - 2015-04-26 18:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-01 20:25 - 2015-04-26 16:12 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Adobe
2016-05-01 01:35 - 2015-06-16 12:17 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job
2016-04-30 23:04 - 2015-05-09 21:38 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\OBS
2016-04-30 22:08 - 2015-04-26 16:00 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Mumble
2016-04-28 18:54 - 2015-04-26 19:00 - 00000000 ____D C:\Users\Nancy\AppData\Local\osu!
2016-04-28 17:26 - 2015-05-24 13:44 - 00000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
2016-04-28 16:59 - 2015-04-25 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-28 14:51 - 2015-05-04 21:50 - 00000000 ____D C:\ProgramData\Adobe
2016-04-28 14:41 - 2016-01-30 16:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-28 14:41 - 2015-04-26 15:53 - 00000000 ____D C:\ProgramData\Skype
2016-04-27 23:07 - 2015-05-04 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-27 22:45 - 2015-05-04 22:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-27 22:00 - 2015-10-17 16:51 - 00000000 ____D C:\Users\Nancy\AppData\Local\TERA
2016-04-22 17:57 - 2016-03-09 22:59 - 00000000 ____D C:\Users\Nancy\AppData\Local\Discord
2016-04-22 17:57 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-22 17:57 - 2015-05-20 12:13 - 00000000 ____D C:\Users\Nancy\AppData\Local\SquirrelTemp
2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 16:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-15 13:13 - 2015-04-26 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-15 13:10 - 2016-03-13 13:41 - 00000000 ____D C:\Users\Nancy\AppData\Local\Windows Live
2016-04-13 12:53 - 2016-03-15 18:51 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 12:53 - 2009-07-14 00:45 - 04953336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 01:34 - 2015-04-26 15:55 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 01:31 - 2015-04-26 15:55 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-03 19:22 - 2016-03-20 19:18 - 00000000 ____D C:\Users\Nancy\AppData\Local\UNDERTALE

==================== Files in the root of some directories =======

2016-02-05 13:23 - 2016-03-10 23:44 - 0000033 _____ () C:\Users\Nancy\AppData\Roaming\AdobeWLCMCache.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 6494208 _____ () C:\Users\Nancy\AppData\Roaming\agent.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 0072717 _____ () C:\Users\Nancy\AppData\Roaming\Blackfax.tst
2016-05-01 20:25 - 2016-05-01 20:27 - 0127488 _____ () C:\Users\Nancy\AppData\Roaming\Installer.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 0018432 _____ () C:\Users\Nancy\AppData\Roaming\Main.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 1626777 _____ () C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst
2015-05-10 16:06 - 2015-05-24 22:48 - 0030598 _____ () C:\Users\Nancy\AppData\Roaming\VoiceMeeterDefault.xml
2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\run.txt
2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\stxtname.txt
2015-04-25 21:23 - 2015-04-25 21:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Nancy\brwc_swtor.exe
C:\Users\Nancy\icudt.dll
C:\Users\Nancy\launcherDiag.exe
C:\Users\Nancy\launcherRestartMsg.exe
C:\Users\Nancy\libcef.dll
C:\Users\Nancy\SWTORLaunch.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-20 16:19

==================== End of FRST.txt ============================

Bunbun · May 3, 2016

Addition txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Nancy (2016-05-03 21:58:41)
Running from E:\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-26 00:48:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1716612969-2344737603-4151003975-500 - Administrator - Disabled)
Guest (S-1-5-21-1716612969-2344737603-4151003975-501 - Limited - Disabled)
Nancy (S-1-5-21-1716612969-2344737603-4151003975-1000 - Administrator - Enabled) => C:\Users\Nancy
postgres (S-1-5-21-1716612969-2344737603-4151003975-1001 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
100% Orange Juice (HKLM-x32\...\Steam App 282800) (Version: - Orange_Juice)
60 Seconds! (HKLM\...\Steam App 368360) (Version: - Robot Gentleman)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atom (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\atom) (Version: 1.5.4 - GitHub Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Awesomenauts (HKLM\...\Steam App 204300) (Version: - Ronimo Games)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\BitTorrent) (Version: 7.9.3.40634 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster)
Cat Goes Fishing (HKLM\...\Steam App 343780) (Version: - Cat5Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Cook, Serve, Delicious! (HKLM\...\Steam App 247020) (Version: - Vertigo Gaming Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Crimzon Clover WORLD IGNITION (HKLM\...\Steam App 285440) (Version: - YOTSUBANE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games)
Dear Esther (HKLM\...\Steam App 203810) (Version: - The Chinese Room)
Discord (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Firewatch (HKLM\...\Steam App 383870) (Version: - Campo Santo)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3920 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Journal (HKLM\...\Steam App 261680) (Version: - Locked Door Puzzle)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.1.3.1173 - Kakao Corp.)
Keep Talking and Nobody Explodes (HKLM\...\Steam App 341800) (Version: - Steel Crate Games)
Krita Desktop (x64) 2.9.6.3 (HKLM\...\{075BFD2E-33CB-4251-93CD-CD644A40C891}) (Version: 2.9.6.3 - Krita Foundation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Long Live The Queen (HKLM\...\Steam App 251990) (Version: - Hanako Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mumble 1.2.13 (HKLM-x32\...\{AB6B69F9-1A90-44EC-AE6C-A6BEA2C4F0CB}) (Version: 1.2.13 - Thorvald Natvig)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version: - Airtight Games)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{904a59ce-aa0f-4709-bbea-702b9ed44afc}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rocketfish HD Webcam (1.01.01.00) (HKLM\...\Rocketfish VF0650) (Version: - Rocketfish)
Rocketfish Live! Central (HKLM-x32\...\Rocketfish Live! Central) (Version: 2.00.55 - Creative Technology Ltd)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Sleeping Dogs: Definitive Edition (HKLM\...\Steam App 307690) (Version: - United Front Games)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
SteelSeries Engine 3.6.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.3 - SteelSeries ApS)
Stray Cat Crossing Demo (HKLM-x32\...\Steam App 398600) (Version: - Jurlo)
Strider (HKLM-x32\...\Steam App 235210) (Version: - Double Helix Games)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Knobbly Crook: Chapter I - The Horse You Sailed In On (HKLM\...\Steam App 378300) (Version: - Gnarled Scar Manipulations)
The Typing of The Dead: Overkill (HKLM\...\Steam App 246580) (Version: - Modern Dream)
There's Poop In My Soup (HKLM\...\Steam App 449540) (Version: - Rudder Games)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
TwitchAlerts (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
White Night (HKLM\...\Steam App 301560) (Version: - OSome Studio)
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Bunbun · May 3, 2016

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {118B3AD1-1177-467F-AC83-C4FBBFD0C0D2} - System32\Tasks\ASUS\I-Setup211247 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
Task: {2EACD216-55C3-44AC-B06E-8334BA428602} - System32\Tasks\ASUS\I-Setup234056 => C:\Windows\Install\AsusSetup.exe
Task: {3D6215F6-CA1C-44D3-850F-8F6C34D30575} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core -> No File <==== ATTENTION
Task: {42878D1A-A495-492C-8BD7-EABE4BA51388} - System32\Tasks\IBUpd2 => C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {5CF0C7F0-B350-4C6E-9DAC-C3A5E2E3FA21} - \AdobeAAMUpdater-1.0-Silent-Knight-Nancy -> No File <==== ATTENTION
Task: {789202B6-A930-4D0A-B986-ED2184841BF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8FABE58C-337B-4497-9CB2-DEE46E457F82} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {96F9CC98-6ADA-4F9E-AE13-A3C9F558E89A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {AADA29C5-78EC-44E3-81B9-89136AA2A0B0} - \3409948 -> No File <==== ATTENTION
Task: {BD032AD3-7BAE-4321-BFEB-3C2A016114F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C52B8E95-C383-40B2-8B2E-CE03C7B5D6EE} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== ATTENTION
Task: {CB6C034A-D3D3-4924-B225-58CFC7513C9F} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA -> No File <==== ATTENTION
Task: {CD96F01C-3DBF-4985-BEB5-DE63457B5D7D} - System32\Tasks\IBUpd => C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {D2E81F2D-65CE-4E13-BCE6-D165F409370B} - System32\Tasks\ASUS\I-Setup211559 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
Task: {E635D6C0-8D46-4A30-8878-E23C4291A457} - \PaintTool SAI -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-04-25 22:24 - 2015-11-02 09:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-04-27 23:08 - 2013-04-01 23:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-04-27 23:08 - 2012-08-14 09:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2015-12-09 14:58 - 2014-01-13 12:24 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-04-25 22:24 - 2015-10-11 23:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-30 17:08 - 2016-04-27 21:23 - 47503472 _____ () C:\Users\Nancy\AppData\Roaming\Spotify\libcef.dll
2015-12-11 21:01 - 2016-03-21 17:50 - 00034768 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-14 23:55 - 2016-03-21 17:51 - 00019408 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00116688 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 21:01 - 2016-03-21 17:50 - 00093640 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00018376 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00019760 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00105928 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00392144 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 21:01 - 2016-04-08 14:20 - 00381752 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00692688 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020816 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 21:01 - 2016-03-21 17:51 - 00112592 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 01682760 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00021840 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00038696 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-14 23:55 - 2016-03-21 17:52 - 00020936 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024528 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00114640 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00124880 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00021832 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024016 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00175560 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00030160 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00043472 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00028616 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00048592 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00026456 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00057808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024016 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00117056 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00023376 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00134608 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00134088 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-14 23:55 - 2016-03-21 17:51 - 00240584 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00024392 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-14 23:55 - 2016-03-21 17:52 - 00036296 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-14 23:55 - 2016-04-08 14:19 - 00052024 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00020800 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00021824 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00019776 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00020800 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020280 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00350152 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00022352 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00084280 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-14 23:55 - 2016-04-08 14:20 - 01826096 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 21:01 - 2016-03-21 17:51 - 00083912 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 03928880 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 01971504 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00531248 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00132912 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00223544 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00207672 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00158008 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00042808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-14 23:55 - 2016-03-21 17:54 - 00017864 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-14 23:55 - 2016-03-21 17:54 - 01631184 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-11 21:01 - 2016-04-08 14:20 - 00024904 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00546096 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00357680 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 17:45 - 2016-03-21 17:56 - 00697304 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-01-30 17:08 - 2016-04-27 21:23 - 01584240 _____ () C:\Users\Nancy\AppData\Roaming\Spotify\libglesv2.dll
2016-01-30 17:08 - 2016-04-27 21:23 - 00082032 _____ () C:\Users\Nancy\AppData\Roaming\Spotify\libegl.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3CAE2A70 [130]
AlternateDataStreams: C:\ProgramData\TEMP:887F3A41 [222]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-03 20:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

Bunbun · May 3, 2016

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CA850337-2A4C-4A8A-82AF-4C9E5727EBAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82743C46-D2C3-4214-AF5C-74464C141BBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA860072-5BEC-4590-82FC-9A49F1955FD4}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4FED180B-FE31-4DBA-B6D9-6E0E8F2DF569}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0BB38351-AF8C-4915-9F15-EAB77AA59307}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34BF9E6B-6BFA-43B1-A789-4030CB3BA1B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55FCA881-379A-45B4-A749-ED73A23BFEC0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{636AA001-6352-4AD6-8BD8-625A8D6E26EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{58491868-C389-44C9-AC99-84548ADED842}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{45FFC5C0-B3F2-4F31-B61F-24DF9E431B25}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{9C259B5D-A70B-4268-9B1B-AECAF35E5755}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{AF2E69B4-7D33-4BBA-9153-5C38CB9B4BF4}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{1B5E3003-2C00-46BF-A199-24A6CD4CE12A}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BD2AFC90-1715-4EF1-8894-6735610383E2}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C925A17E-8ED8-4C9E-9C35-6B17303FE87E}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{28A534B4-FD1E-4A8B-ADF6-EB01326D5F48}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{252B4E47-A5D2-4BD2-9F9C-302415DDD533}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D2562BF8-9FF3-40ED-935E-720665EF43EF}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{134F1368-92DF-459C-B5BE-17F5DB8E0F35}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{AF8CCDD7-BA7F-47C6-AD05-9051856BAA14}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{985D84D5-BBD5-45CF-A48B-60952E272062}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{56F755E0-8216-44D5-BFF7-15FC70F9C2DB}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A7787897-2158-4E09-A0B2-5AFC86E1958B}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{A800E5AD-57E7-4F89-9BB0-EF30DB6AAC8D}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{D8D32F7B-04B8-410B-A5CA-588624FF8A33}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{63B64796-AC28-4634-9AC5-BA82E30CBB04}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{E5DB4A09-3C4E-469D-9062-E7DFC315C512}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{EDB4D55E-6B92-432B-BF60-EFE045A9820B}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8883127C-8E0E-4AC1-96A5-C1AA8C975F6B}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3C7594B7-D47E-4C44-A177-04B8384E4CD9}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4CFC0D5D-70CA-4CEB-A24B-ABF6548787C8}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A3C5A3B7-A2FB-4D39-9E50-BC0B63FFBAC5}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB87F5D0-7208-4C6D-A6F1-DFF718135C51}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9741A865-4CF4-4BA0-98CD-F6C538D5D783}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1EF8B1A6-D86F-41CC-BFB6-BDDC2984BD1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3EA4F37F-8696-4707-AECF-DB1D7228CBB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3C017C47-C3E8-4AFF-8CD1-B464CE8BFDAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B6F73F5-7E34-4043-B338-777039677803}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4A6538E3-D7C3-43D2-9C51-78658E43673C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{122E4204-2A28-42A7-947A-F5C21B630506}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{44E0B86E-13C3-449A-B272-3B2B42043C21}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{8714BDFF-35C2-4F4F-9F25-902AD96CCCB9}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
FirewallRules: [{D5B337C0-8DF9-4A5E-B678-7E26E623904A}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
FirewallRules: [{A0F6C3EB-027A-4A80-9107-D9A7E78C0888}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{2B410402-F832-4B4A-BFA5-D6D9353B581D}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{880E159E-BF42-4A92-B9CE-1556CBEF3C82}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
FirewallRules: [{E5119782-9C40-4C69-AE0C-207D1684421F}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
FirewallRules: [{2DF84BDD-C3A8-4157-9B0D-C2FAC8A36A78}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{757552F0-B94B-4EF2-847B-4D9DA202F6B2}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C7546C24-9468-4869-9801-4A9B0B073DD6}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{423FD44A-696F-4A39-B0E1-8D22796D74DE}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{FE3D6A81-D325-4FD6-96AA-73EBDE052744}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64FE28A2-110B-4D5B-96C1-D9073569C9F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D50F614-2C58-4B55-9BB6-F06DB9123E1F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{461BA562-9657-4E5E-AF88-E50296C255EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC3C4DEC-875C-43EB-9428-6236104BFBCC}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{F5537F0D-F4B3-4899-A657-E3A11E5FB831}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{F41F2DA8-FAA7-4F9D-BCA7-7AABCEDC94A0}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{9782D7F5-9ECF-4335-AF78-8DA407AFCC68}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [TCP Query User{17D15F1C-474A-4835-85A4-8DFEC8CEDF14}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{E03AD1FE-8648-4A66-96ED-493E8E216CA9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F048DA76-C7EA-41A1-B9B3-8AB41FE1FD18}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D6832DAB-1CB5-4D50-A0BB-BD137A2886AF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9966FC91-89D1-43CD-B996-E9D435BAE01F}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{3701F295-8530-47FE-B1AA-200D784F9726}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{C0D954A0-D9FB-4594-BF2F-0C5460CE8BD6}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{4202B8D2-0112-4DF4-968C-6E13C0654755}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{328DEFC2-2997-4929-9AC1-B299D77AE402}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{E8681420-7968-4720-B57E-475B99097A1B}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{B6FF7BCF-F859-45F1-9F17-76B536595486}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{62C10A6E-C013-4038-A0B8-1C6942861696}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{72D5F959-C4BB-4DC0-9721-B2AC04993238}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
FirewallRules: [{B2F6E4BE-A031-423C-A606-DA000DE3D470}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
FirewallRules: [{0AF5151C-BC5E-40B0-AB64-D5114DAB918D}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3EDC88AB-9310-43A8-9CF1-D553406870BE}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{2565A482-E68B-414E-B135-438745C98B59}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{2CC559F4-58F8-4504-A672-963AF7858841}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{90095932-23A4-43B3-8349-CDC5038113D0}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{FD963F31-17B7-4952-A22D-8F207E2AF136}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{C8D6FDDC-E4CB-4A04-B229-1B9E043BE04F}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{44490872-1279-4E55-BFDD-B6AE43F8D32A}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{25BB77C6-AC0E-487A-916F-ECE5504F7203}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EFCFBEA7-4476-4129-AD73-3EF6D9F02818}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{804D0F0E-7928-4376-AEE3-2872DCADFCDF}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{28D511A6-AA8B-43E4-8092-7B810B25D9A4}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{D089CA47-9CA6-4EBD-BE41-8FB788DCC8EA}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{7018B7E0-0969-4443-8CF5-B0891A68819A}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{59000A7E-5F9A-449A-AD20-050206839613}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3CE3BD18-7C96-4DEF-B4BE-7CCF842C1676}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{EE2BFA29-3687-4E5A-BA78-0E15F1BC0C57}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{75E4AE9E-984F-4CB3-96E9-A6F7E96B5EC2}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{E64C92D9-C9B7-4E02-AAF6-1B02805B8C80}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{C974C8BE-0B87-4490-AA66-3A001EE3E995}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{2CA2FE66-9A4C-429D-AB9B-287C57535FFB}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{313B8372-EAEA-44D6-960F-0B8E4C147BA4}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{531F9CED-9BC6-45FA-BDC2-3B2B5BEB285E}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [TCP Query User{7F717E6B-324C-4524-BC2D-E310BABD5479}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1A27D61D-4A2A-41D7-9B5A-02491C56AE0E}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26B9624E-FA34-4E5E-999B-92D6503242ED}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{A602FB3A-AEE0-4C4A-B350-E5258EE1143F}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{CE673219-D543-41C7-90D5-14576F9051B2}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{92E983B0-31A6-4550-9B6C-5EB5BB7CA3E5}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{ACFC0827-9F5F-45B0-8D4F-488C77F7F7CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5785979C-50C6-46E7-B70E-2CEFB9F292C3}] => (Allow) LPort=2869
FirewallRules: [{7EAF4EC3-BACD-495D-8E35-5660A74FF5AD}] => (Allow) LPort=1900
FirewallRules: [{C1AE23A2-65EB-49B2-86E2-86F54961CF74}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5910248F-4F3F-401B-AA24-E4524316F063}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45B985BB-AB8A-4EF5-A6D0-0DCAD49ACF31}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F96E36E3-8857-49FC-917A-2CC010A6B0B7}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E974270-70D2-454B-9321-0CE4212EA450}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54BD21DE-2210-4FAA-B534-F4D1B3AF9A7D}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7945D5CA-8950-4FB5-9A0F-1A0E49C3C374}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FE9905EC-F275-4C09-9B65-A2040EB9E087}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F5860BBA-308D-4DA8-98F8-731C551BBB4D}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
FirewallRules: [{10E24C0B-7754-45EB-97F8-9022CDE8878B}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
FirewallRules: [{F3060FC9-480E-49B1-B724-5B6CE61999B6}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{6FE94E7C-BC0F-4A37-ACFA-4392294DD965}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E874A4A5-7860-4403-B5C2-971E8A76E0C5}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
FirewallRules: [{882E45CA-B8A3-4B77-870F-0A9608433017}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
FirewallRules: [{1E319306-A72E-4938-8FC4-65C698DE5CC9}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{2FCF3C33-7D5E-4A13-964F-BF89A4BF77A2}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{AB26598F-BCAC-4151-9BC4-1CA3E1B7B549}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{47EA068B-6CC5-484C-A6E2-1D8FA06E7EE3}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{78CEDC61-EF1A-413A-B6F8-3CC7AAC710CE}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{EF914AC4-29A5-4C8D-9E3A-473B8E91C9DF}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [TCP Query User{1782FC31-3120-4554-BBEF-1E405292D9F2}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{F29A427A-4E9A-4EDD-86BC-26D097D861E8}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{8A3B2752-9A65-45E1-9BF0-5933AA951DCF}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{F14711B0-3AB5-4E82-A292-955743BF41BC}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{C065E9D8-2F11-48F3-96C9-2277E38C6B71}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{C4C392C1-E0AF-4A6A-B3EE-01EAC5C31460}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{AF70A690-3203-4D33-8055-C9086A772ABD}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{652C422F-CF3A-48B1-9737-1394CF804CB4}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{EF13DCA4-BACD-4427-BA56-172D7BDFFF76}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{EEFF4213-8BDF-4EA9-847E-D15064180E86}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{4CC24044-89D4-4602-854C-55B6DC38B33A}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
FirewallRules: [{E0BA2255-BD30-4687-853B-EDA7F1A7AB52}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
FirewallRules: [{5F3E392B-ECD4-4151-8FAE-4A19D580AA82}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{C267D727-3C67-49A8-B23C-C1614DC42648}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{564C8FC9-DC5C-43D3-9D59-FEE0A4D8338C}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6EF1EA4A-3589-43E5-967B-CC75FCE830B3}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{00CD6E04-6FF7-410E-B5A2-4B3AFA4941F9}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{60DCC1C1-6744-4CC6-A7BC-ACE31C8B2C83}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{FC20C8E5-8212-4A69-A654-542233587F2C}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{900CE209-A07B-4656-8B66-066327C28F9F}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{5F66E185-1762-49EE-BA85-7D72A5C9F018}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{22320615-E1BB-4EE4-B69B-CC41DBE6A410}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{DABC689E-0E74-488F-895C-C6A2A13BDAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DEBBAD97-14C7-477D-92CA-B7084ECB513F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CF937966-9D54-4296-B4C3-31759B23E38D}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{5A430152-248F-462F-846D-0FAF710A3E9E}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{8266CCCB-04C2-4B6A-ADB1-9010E7AD1FFC}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{F4C6F506-C023-43EE-B630-86912420621A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{B633E87A-3FF6-483B-859B-8FAE48A94DE2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{C59DF322-709F-4E30-89EA-8A5D846177F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{DCD7B397-9C0C-458A-9617-4B2C7AA047DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{CAF858B0-9C5D-4749-81C0-033A6392F196}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{8039991B-0897-4DBA-9F67-91965FA7D014}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{D7B85D2E-968E-468C-827E-1B89723B1068}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{EC19B3B2-DC9A-4497-87B4-81504F94B043}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{D187F224-9265-4FAA-8496-D53BE1052A95}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{8440F183-436D-4182-B3D8-F144371BF66E}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
FirewallRules: [{5BB7F5CC-5288-4CDA-A017-BC82BEF60DA0}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
FirewallRules: [{11A81325-D3AD-4763-8214-88A003969434}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{5F8B873D-548C-4F0D-AD83-5449C2D4B039}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{3976F162-3E7A-4990-87B5-C604E3DDCA1A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EFA44272-9251-4BE1-97E8-3A67A6FF189E}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F27D29A-C785-438C-9D65-8B24E9D30D11}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{D6224275-058F-45EB-972D-D0A0D97BEE6F}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{CE0CE3D9-DDB5-49AA-90EC-56B21869500E}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
FirewallRules: [{533BEB7D-B1C8-4D70-ADF8-9A2F7C050186}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
FirewallRules: [{6D9F1EE0-9D89-4C82-8C6D-3D9764FB299A}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{79B7E3B6-3339-4CD9-8816-49FB0A31BD02}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{643D0578-8A69-4905-A8D3-0DF154B0D55E}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{102A614F-9886-4CE3-BA01-748B24B982EC}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{86EA2F91-3170-45B7-87BE-9EDF14D5F9F7}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
FirewallRules: [{E3EDAF87-F223-42D1-9D87-E517CCBD7EED}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
FirewallRules: [{C49029D8-B5DD-458C-9952-2E1407950793}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{60CA01AA-E52C-4D89-A20E-3F6DAAC2DA6F}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{B1BAEE1C-E62B-47CB-B4D1-A52BAF100417}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{D23216F8-3BBE-4D49-80B6-93F65D81F4A5}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{D47598EA-F172-4AA8-9D87-721D82CC3075}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1D19A12F-F54C-417B-9032-96A0914E14AF}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{2A02F79A-A4B9-420A-9085-4F29CFDD848B}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{1D120B5E-BAA7-4512-90A0-5A0433394B0D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
FirewallRules: [{37B4C348-9AE0-40BA-A938-A11716788080}] => (Allow) C:\Users\Nancy\AppData\Local\ddnowyes.exe
FirewallRules: [{CF246BA3-16CE-418D-B639-A3117D5C4F40}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\setup.exe
FirewallRules: [{B527EDEA-467D-4D31-ABA8-311A185EFF94}] => (Allow) C:\Users\Nancy\AppData\Local\39164305.exe
FirewallRules: [{05B25E18-E8BF-44B3-A2A8-91FEE02B7976}] => (Allow) C:\Users\Nancy\AppData\Local\tinstall.exe
FirewallRules: [{CFF3917F-840A-423B-96DA-44B9F39BD8CE}] => (Allow) C:\Users\Nancy\AppData\Local\cap.exe
FirewallRules: [{BA142D32-1705-4F23-A89F-CFE050A2CF34}] => (Allow) C:\Users\Nancy\AppData\Local\ddnow.exe
FirewallRules: [{BC84FAB7-976A-4631-923A-F5DA9832CCC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

30-04-2016 14:59:13 Windows Update
30-04-2016 18:57:19 Installed DirectX
01-05-2016 20:25:40 Revo Uninstaller's restore point - KNCTR
01-05-2016 20:33:00 Revo Uninstaller's restore point - SecuriDex1.12
03-05-2016 00:22:38 JRT Pre-Junkware Removal
03-05-2016 00:24:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VB-Audio VoiceMeeter AUX VAIO
Description: VB-Audio VoiceMeeter AUX VAIO
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VB-Audio VoiceMeeter AUX VAIO
Description: VB-Audio VoiceMeeter AUX VAIO
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 09:54:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2016 09:52:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Exception code: 0xc0000005
Fault offset: 0x00000000000172b9
Faulting process id: 0x4b0
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (05/03/2016 09:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/03/2016 09:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/03/2016 08:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2016 08:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Exception code: 0xc0000005
Fault offset: 0x00000000000172b9
Faulting process id: 0x4b4
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (05/03/2016 08:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/03/2016 08:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/03/2016 08:00:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/03/2016 07:50:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/03/2016 09:57:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/03/2016 09:57:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/03/2016 09:53:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/03/2016 09:52:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (05/03/2016 09:52:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wyaqki service failed to start due to the following error:
%%2

Error: (05/03/2016 08:10:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/03/2016 08:09:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (05/03/2016 08:09:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wyaqki service failed to start due to the following error:
%%2

Error: (05/03/2016 08:04:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/03/2016 08:04:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

CodeIntegrity:
===================================
Date: 2016-05-03 20:04:00.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-03 20:04:00.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-01 20:27:22.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:22.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:15.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:14.539
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:13.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:13.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8135 MB
Available physical RAM: 4614.92 MB
Total Virtual: 16268.2 MB
Available Virtual: 12606.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:24.38 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Nancy) (Fixed) (Total:465.66 GB) (Free:162.63 GB) NTFS
Drive f: (GAEMS

) (Fixed) (Total:931.51 GB) (Free:781.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 83E89C3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 17FE5D81)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B4A6920C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · May 3, 2016

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Bunbun · May 3, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Nancy (2016-05-03 23:37:17) Run:1
Running from E:\Desktop
Loaded Profiles: Nancy & postgres (Available Profiles: Nancy & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
CHR StartupUrls: Profile 1 -> "hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Profile 1 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
CHR DefaultSearchKeyword: Profile 1 -> www-searching.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
S2 Wyaqki; "C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
2016-02-05 13:23 - 2016-03-10 23:44 - 0000033 _____ () C:\Users\Nancy\AppData\Roaming\AdobeWLCMCache.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 6494208 _____ () C:\Users\Nancy\AppData\Roaming\agent.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 0072717 _____ () C:\Users\Nancy\AppData\Roaming\Blackfax.tst
2016-05-01 20:25 - 2016-05-01 20:27 - 0127488 _____ () C:\Users\Nancy\AppData\Roaming\Installer.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 0018432 _____ () C:\Users\Nancy\AppData\Roaming\Main.dat
2016-05-01 20:27 - 2016-05-01 20:27 - 1626777 _____ () C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst
2015-05-10 16:06 - 2015-05-24 22:48 - 0030598 _____ () C:\Users\Nancy\AppData\Roaming\VoiceMeeterDefault.xml
2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\run.txt
2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\stxtname.txt
2015-04-25 21:23 - 2015-04-25 21:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Nancy\brwc_swtor.exe
C:\Users\Nancy\icudt.dll
C:\Users\Nancy\launcherDiag.exe
C:\Users\Nancy\launcherRestartMsg.exe
C:\Users\Nancy\libcef.dll
C:\Users\Nancy\SWTORLaunch.dll
Task: {3D6215F6-CA1C-44D3-850F-8F6C34D30575} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core -> No File <==== ATTENTION
Task: {42878D1A-A495-492C-8BD7-EABE4BA51388} - System32\Tasks\IBUpd2 => C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {5CF0C7F0-B350-4C6E-9DAC-C3A5E2E3FA21} - \AdobeAAMUpdater-1.0-Silent-Knight-Nancy -> No File <==== ATTENTION
C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe
Task: {8FABE58C-337B-4497-9CB2-DEE46E457F82} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {96F9CC98-6ADA-4F9E-AE13-A3C9F558E89A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {AADA29C5-78EC-44E3-81B9-89136AA2A0B0} - \3409948 -> No File <==== ATTENTION
Task: {BD032AD3-7BAE-4321-BFEB-3C2A016114F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C52B8E95-C383-40B2-8B2E-CE03C7B5D6EE} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== ATTENTION
Task: {CB6C034A-D3D3-4924-B225-58CFC7513C9F} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA -> No File <==== ATTENTION
Task: {CD96F01C-3DBF-4985-BEB5-DE63457B5D7D} - System32\Tasks\IBUpd => C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
C:\ProgramData\smp2.exe
C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe
Task: {E635D6C0-8D46-4A30-8878-E23C4291A457} - \PaintTool SAI -> No File <==== ATTENTION
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3CAE2A70 [130]
AlternateDataStreams: C:\ProgramData\TEMP:887F3A41 [222]

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
Wyaqki => service removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
X6va021 => service removed successfully
X6va029 => service removed successfully
X6va031 => service removed successfully
X6va060 => service removed successfully
X6va062 => service removed successfully
C:\Users\Nancy\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Nancy\AppData\Roaming\agent.dat => moved successfully
C:\Users\Nancy\AppData\Roaming\Blackfax.tst => moved successfully
C:\Users\Nancy\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Nancy\AppData\Roaming\Main.dat => moved successfully
C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst => moved successfully
C:\Users\Nancy\AppData\Roaming\VoiceMeeterDefault.xml => moved successfully
C:\Users\Nancy\AppData\Local\run.txt => moved successfully
C:\Users\Nancy\AppData\Local\stxtname.txt => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Nancy\brwc_swtor.exe => moved successfully
C:\Users\Nancy\icudt.dll => moved successfully
C:\Users\Nancy\launcherDiag.exe => moved successfully
C:\Users\Nancy\launcherRestartMsg.exe => moved successfully
C:\Users\Nancy\libcef.dll => moved successfully
C:\Users\Nancy\SWTORLaunch.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D6215F6-CA1C-44D3-850F-8F6C34D30575}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D6215F6-CA1C-44D3-850F-8F6C34D30575}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42878D1A-A495-492C-8BD7-EABE4BA51388}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42878D1A-A495-492C-8BD7-EABE4BA51388}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CF0C7F0-B350-4C6E-9DAC-C3A5E2E3FA21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CF0C7F0-B350-4C6E-9DAC-C3A5E2E3FA21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Silent-Knight-Nancy" => key removed successfully
"C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FABE58C-337B-4497-9CB2-DEE46E457F82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FABE58C-337B-4497-9CB2-DEE46E457F82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F9CC98-6ADA-4F9E-AE13-A3C9F558E89A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F9CC98-6ADA-4F9E-AE13-A3C9F558E89A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AADA29C5-78EC-44E3-81B9-89136AA2A0B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AADA29C5-78EC-44E3-81B9-89136AA2A0B0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3409948 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD032AD3-7BAE-4321-BFEB-3C2A016114F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD032AD3-7BAE-4321-BFEB-3C2A016114F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C52B8E95-C383-40B2-8B2E-CE03C7B5D6EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C52B8E95-C383-40B2-8B2E-CE03C7B5D6EE}" => key removed successfully
C:\Windows\System32\Tasks\SMW_P => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB6C034A-D3D3-4924-B225-58CFC7513C9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6C034A-D3D3-4924-B225-58CFC7513C9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD96F01C-3DBF-4985-BEB5-DE63457B5D7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD96F01C-3DBF-4985-BEB5-DE63457B5D7D}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd" => key removed successfully
"C:\ProgramData\smp2.exe" => not found.
"C:\Users\Nancy\AppData\Local\BrowserAir\47.0.0.5\updater.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E635D6C0-8D46-4A30-8878-E23C4291A457}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E635D6C0-8D46-4A30-8878-E23C4291A457}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI => key not found.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":3CAE2A70" ADS removed successfully.
C:\ProgramData\TEMP => ":887F3A41" ADS removed successfully.

==== End of Fixlog 23:37:17 ====

Broni · May 3, 2016

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Bunbun · May 3, 2016

Others to be posted soon!

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 66
Google Chrome (49.0.2623.112)
Google Chrome (50.0.2661.94)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Bunbun · May 3, 2016

Farbar Service Scanner Version: 27-01-2016
Ran by Nancy (administrator) on 03-05-2016 at 23:46:21
Running from "E:\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Bunbun · May 4, 2016

The scan from Sophos said my computer was clean ^_^

Broni · May 4, 2016

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Bunbun · May 5, 2016

Thank you so so much for your help! My computer seems clear, except when malware blocked a few threats ^_^! But the two prompts that I mentioned earlier with "network has stopped working" and the "C:\Users\Nancy\AppData\Local\Temp\211247Log.iniis lost" still appears. I checked the application for the network notification and it says gaol.exe. Is that something that I need to remove?

Broni · May 5, 2016

It seems to be some leftover.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Bunbun · May 5, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 02
Ran by Nancy (administrator) on SILENT-KNIGHT (05-05-2016 19:57:47)
Running from E:\Desktop
Loaded Profiles: Nancy & postgres (Available Profiles: Nancy & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hammer & Chisel, Inc.) C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Dropbox, Inc.) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) F:\Live! Central\RfLVCentral2.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Malwarebytes) E:\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Hammer & Chisel, Inc.) C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hammer & Chisel, Inc.) C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2015-04-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2015-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Rocket Live! Central 2] => F:\Live! Central\RFLVCentral2.exe [430247 2010-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0650Mon.exe] => C:\Windows\V0650Mon.exe
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Dropbox Update] => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify Web Helper] => C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Discord] => C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify] => C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-05-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-05-02]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Bunbun · May 5, 2016

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> E:\Downloads\Arc\Plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Downloads\Arc\plugins\NPSWF32.dll [2015-05-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-04] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Downloads\Arc\Plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-1716612969-2344737603-4151003975-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12]
CHR Extension: (BetterTTV) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-25]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-05]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-05-05]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]
CHR HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; E:\Downloads\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2015-04-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MBAMScheduler; E:\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; E:\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-28] (BitRaider)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2015-04-25] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-05-24] (Echobit, LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-14] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-30] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-02] ()
R3 V0650Vid; C:\Windows\System32\DRIVERS\V0650Vid.sys [393536 2010-04-01] (Creative Technology Ltd.)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-05-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Bunbun · May 5, 2016

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-05 19:57 - 2016-05-05 19:57 - 00000000 ____D C:\FRST
2016-05-05 12:42 - 2016-05-05 12:42 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-05 00:41 - 2016-05-05 00:41 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-05-05 00:41 - 2016-05-05 00:41 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-05-05 00:35 - 2016-05-05 00:35 - 00001786 _____ C:\DelFix.txt
2016-05-05 00:35 - 2016-05-05 00:35 - 00000000 ____D C:\Windows\ERUNT
2016-05-05 00:33 - 2016-05-05 00:32 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-05-05 00:32 - 2016-05-05 00:32 - 00000000 ____D C:\Program Files\Java
2016-05-05 00:31 - 2016-05-05 17:48 - 00004616 _____ C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly
2016-05-05 00:31 - 2016-05-05 00:31 - 00004492 _____ C:\Windows\System32\Tasks\DistromaticUpdater-periodic
2016-05-05 00:31 - 2016-05-05 00:31 - 00004094 _____ C:\Windows\System32\Tasks\DistromaticSearchProtect-logon
2016-05-05 00:31 - 2016-05-05 00:31 - 00003968 _____ C:\Windows\System32\Tasks\DistromaticUpdater-logon
2016-05-05 00:31 - 2016-05-05 00:31 - 00000000 ____D C:\Users\Nancy\AppData\Local\Amazon Browser Settings
2016-05-05 00:31 - 2016-05-05 00:31 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Settings
2016-05-05 00:31 - 2016-05-05 00:31 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-05-05 00:29 - 2016-05-05 00:29 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-03 23:54 - 2016-05-03 23:54 - 00000000 ____D C:\ProgramData\Sophos
2016-05-03 23:54 - 2016-05-03 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-05-03 23:54 - 2016-05-03 23:54 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-05-03 20:00 - 2016-05-03 20:04 - 00000000 ____D C:\Windows\erdnt
2016-05-02 23:28 - 2016-05-05 19:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 23:28 - 2016-05-02 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-02 23:28 - 2016-05-02 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-02 23:28 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-02 23:28 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-02 23:28 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-02 22:46 - 2016-05-02 23:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-02 22:46 - 2016-05-02 22:46 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow00723F98
2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow00000000027243C8
2016-05-02 09:03 - 2016-05-02 09:03 - 01264640 _____ C:\Windows\system32\bi2.exe
2016-05-01 23:38 - 2016-05-01 23:38 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow03887D90
2016-05-01 20:58 - 2016-05-01 20:58 - 00002243 _____ C:\Windows\epplauncher.mif
2016-05-01 20:48 - 2016-05-02 23:37 - 00573760 _____ C:\Windows\ntbtlog.txt
2016-05-01 20:34 - 2016-05-03 00:22 - 00000000 ____D C:\a
2016-05-01 20:34 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\herc
2016-05-01 20:34 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\dissertation
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\scantily
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\InternetPlus
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\domingo
2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\disassociation
2016-05-01 20:32 - 2016-05-01 20:32 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\c
2016-05-01 20:29 - 2016-05-01 20:29 - 00041512 _____ C:\Windows\responsiveness.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00036864 _____ C:\Windows\imperceptibly.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00008704 _____ C:\Windows\mongolians.exe
2016-05-01 20:29 - 2016-05-01 20:29 - 00008192 _____ C:\Windows\cicada.exe
2016-05-01 20:28 - 2016-05-01 20:28 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow0061C778
2016-05-01 20:27 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Caster
2016-05-01 20:27 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\SecuriDex
2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Windows\system32\iup
2016-05-01 20:25 - 2016-05-02 23:33 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Reuopreux
2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\Local\Tempfolder
2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\uninst
2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\efo
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\RocketFish
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Creative
2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\ProgramData\Creative
2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocketfish
2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\Program Files (x86)\Creative
2016-04-28 16:59 - 2010-03-26 13:37 - 00173056 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
2016-04-28 16:59 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
2016-04-28 16:59 - 2006-09-19 13:56 - 00057656 ____N C:\Windows\system32\Drivers\FilterPC.bmp
2016-04-28 16:58 - 2010-07-21 09:01 - 00045056 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Pin.dll
2016-04-28 16:58 - 2010-07-21 09:01 - 00044544 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Pin.dll
2016-04-28 16:58 - 2010-07-21 09:01 - 00028672 _____ (Creative Technology Ltd.) C:\Windows\V0650Mon.exe
2016-04-28 16:58 - 2010-06-28 15:50 - 00268800 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Afx.sys
2016-04-28 16:58 - 2010-04-01 09:00 - 00393536 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Vid.sys
2016-04-28 16:58 - 2010-03-26 09:00 - 00069632 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.crl
2016-04-28 16:58 - 2010-03-26 09:00 - 00058880 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.crl
2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\V0650AF.dll
2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\system32\V0650AF.dll
2016-04-28 16:58 - 2010-03-12 20:00 - 00004195 _____ C:\Windows\VF0650.uns
2016-04-28 16:58 - 2010-02-26 10:00 - 00134656 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.ax
2016-04-28 16:58 - 2010-02-26 10:00 - 00114688 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.ax
2016-04-28 16:58 - 2010-02-11 10:00 - 00032768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Hwx.dll
2016-04-28 16:58 - 2010-02-11 10:00 - 00023040 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Hwx.dll
2016-04-28 16:58 - 2009-09-25 15:27 - 00108032 _____ (Creative Technology Ltd.) C:\Windows\CtDrvIns.exe
2016-04-28 16:58 - 2009-09-03 16:47 - 00285696 _____ (Creative Technology Ltd.) C:\Windows\system32\CTAFX64.dll
2016-04-28 16:58 - 2009-06-26 13:40 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamMgr.dll
2016-04-28 16:58 - 2009-06-26 13:40 - 00029184 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamMgr.dll
2016-04-28 16:58 - 2007-08-23 19:46 - 00020480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamPin.crl
2016-04-28 16:58 - 2007-08-23 19:46 - 00010752 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamPin.crl
2016-04-28 16:58 - 2006-09-19 13:56 - 00057656 _____ C:\Windows\system32\Drivers\V0650PC.bmp
2016-04-28 00:15 - 2016-05-02 23:35 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-04-28 00:15 - 2016-04-28 01:05 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Audacity
2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Users\Nancy\AppData\Local\Audacity
2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Program Files\Blackmagic Design
2016-04-27 23:09 - 2016-05-05 12:42 - 00000000 ____D C:\Users\postgres
2016-04-27 23:09 - 2016-04-27 23:09 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-04-27 23:09 - 2016-04-27 23:09 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-04-27 23:09 - 2016-03-15 21:50 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
2016-04-27 23:09 - 2011-04-12 04:28 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\Program Files\PostgreSQL
2016-04-27 23:07 - 2016-04-27 23:07 - 00000000 ____D C:\temp
2016-04-27 22:49 - 2016-04-27 22:51 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake
2016-04-27 22:49 - 2016-04-27 22:49 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake Team
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Program Files\Handbrake
2016-04-16 19:07 - 2016-04-16 19:07 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Dodge Roll
2016-04-15 13:21 - 2016-04-15 13:21 - 00000000 ____D C:\ProgramData\Blackmagic Design
2016-04-15 13:20 - 2016-04-15 13:20 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Apple Computer
2016-04-14 23:55 - 2016-04-14 23:55 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-12 18:52 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 18:52 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 18:52 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 18:52 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 18:52 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 18:52 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 18:52 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 18:52 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 18:52 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 18:52 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 18:52 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 18:52 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 18:52 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 18:52 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 18:52 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 18:52 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 18:52 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 18:52 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 18:52 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 18:52 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 18:52 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 18:52 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 18:52 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 18:52 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 18:52 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 18:52 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 18:52 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 18:52 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 18:52 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 18:52 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 18:52 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 18:52 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 18:52 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 18:52 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 18:52 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 18:52 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 18:52 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 18:52 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 18:52 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 18:52 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 18:52 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 18:52 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 18:52 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 18:52 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 18:52 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 18:52 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 18:52 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 18:52 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 18:52 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 18:52 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 18:52 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 18:52 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 18:52 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 18:52 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 18:52 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 18:52 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 18:52 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 18:52 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 18:52 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 18:52 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 18:52 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 18:52 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 18:52 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 18:52 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 18:52 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 18:52 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 18:52 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 18:52 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 18:52 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 18:52 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 18:52 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 18:52 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 18:52 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 18:52 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 18:52 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 18:52 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 18:52 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 18:52 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 18:52 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 18:52 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 18:52 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 18:52 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 18:52 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 18:52 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 18:52 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 18:52 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 18:52 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 18:52 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 18:52 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 18:52 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 18:52 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 18:52 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 18:52 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 18:52 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 18:52 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 18:52 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 18:52 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 18:52 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 18:52 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 18:52 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 18:52 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 18:52 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 18:52 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 18:52 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 18:52 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 18:52 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 18:52 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 18:52 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 18:52 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 18:52 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 18:52 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 18:52 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 18:52 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 18:52 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 18:52 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 18:52 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 18:52 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-10 19:34 - 2016-04-10 19:34 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\CampoSanto
2016-04-06 21:35 - 2016-05-02 23:35 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2016-04-06 21:35 - 2016-04-06 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-05 19:54 - 2016-01-30 17:07 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Spotify
2016-05-05 19:49 - 2015-04-26 15:53 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Skype
2016-05-05 19:34 - 2015-05-04 21:47 - 00000000 ____D C:\Users\Nancy\AppData\Local\Adobe
2016-05-05 19:34 - 2015-04-26 16:12 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Adobe
2016-05-05 18:39 - 2016-01-30 17:08 - 00000000 ____D C:\Users\Nancy\AppData\Local\Spotify
2016-05-05 17:55 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-05 17:55 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-05 17:53 - 2009-07-14 01:13 - 00783646 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-05 17:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-05 17:47 - 2015-04-25 22:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-05 17:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-05 00:43 - 2015-05-04 21:50 - 00000000 ____D C:\ProgramData\Adobe
2016-05-05 00:37 - 2016-03-15 18:51 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-05 00:33 - 2016-01-11 14:12 - 00000000 ____D C:\Users\Nancy\.oracle_jre_usage
2016-05-05 00:33 - 2015-04-25 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-05 00:30 - 2015-04-25 21:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-05 00:24 - 2015-12-13 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-05 00:24 - 2015-12-13 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-05 00:24 - 2015-06-16 12:17 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job
2016-05-03 23:37 - 2015-04-25 20:48 - 00000000 ____D C:\Users\Nancy
2016-05-03 20:05 - 2015-08-23 12:27 - 00000000 ____D C:\Users\Nancy\AppData\Local\Apps\2.0
2016-05-03 20:04 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-05-03 19:54 - 2015-12-13 14:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 00:00 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\discord
2016-05-03 00:00 - 2015-04-26 15:54 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Dropbox
2016-05-02 23:35 - 2016-03-15 22:09 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
2016-05-02 23:35 - 2016-03-15 22:08 - 00001550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
2016-05-02 23:35 - 2016-03-15 22:08 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:51 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-05-02 23:35 - 2016-03-15 21:50 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-05-02 23:35 - 2016-03-13 13:42 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-05-02 23:35 - 2016-03-13 13:42 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-05-02 23:35 - 2016-02-05 13:22 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-05-02 23:35 - 2016-01-30 17:08 - 00001773 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-02 23:35 - 2015-11-11 20:14 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-02 23:35 - 2015-07-11 15:02 - 00002597 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-05-02 23:35 - 2015-05-18 20:10 - 00000834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2016-05-02 23:35 - 2015-04-26 19:01 - 00000910 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-05-02 23:35 - 2015-04-26 11:36 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-02 23:35 - 2015-04-26 11:36 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-02 23:35 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-02 23:35 - 2009-07-14 00:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-02 23:35 - 2009-07-14 00:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-02 23:35 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-02 23:34 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-02 23:34 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-05-01 20:27 - 2015-04-26 18:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-01 01:35 - 2015-06-16 12:17 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job
2016-04-30 23:04 - 2015-05-09 21:38 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\OBS
2016-04-30 22:08 - 2015-04-26 16:00 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Mumble
2016-04-28 18:54 - 2015-04-26 19:00 - 00000000 ____D C:\Users\Nancy\AppData\Local\osu!
2016-04-28 17:26 - 2015-05-24 13:44 - 00000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
2016-04-28 16:59 - 2015-04-25 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-28 14:41 - 2016-01-30 16:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-28 14:41 - 2015-04-26 15:53 - 00000000 ____D C:\ProgramData\Skype
2016-04-27 23:07 - 2015-05-04 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-27 22:45 - 2015-05-04 22:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-27 22:00 - 2015-10-17 16:51 - 00000000 ____D C:\Users\Nancy\AppData\Local\TERA
2016-04-22 17:57 - 2016-03-09 22:59 - 00000000 ____D C:\Users\Nancy\AppData\Local\Discord
2016-04-22 17:57 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-22 17:57 - 2015-05-20 12:13 - 00000000 ____D C:\Users\Nancy\AppData\Local\SquirrelTemp
2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 16:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-15 13:13 - 2015-04-26 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-15 13:10 - 2016-03-13 13:41 - 00000000 ____D C:\Users\Nancy\AppData\Local\Windows Live
2016-04-13 12:53 - 2009-07-14 00:45 - 04953336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 01:34 - 2015-04-26 15:55 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 01:31 - 2015-04-26 15:55 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-05 13:45

==================== End of FRST.txt ============================

Bunbun · May 5, 2016

ADDITION TXT.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 02
Ran by Nancy (2016-05-05 19:57:59)
Running from E:\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-26 00:48:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1716612969-2344737603-4151003975-500 - Administrator - Disabled)
Guest (S-1-5-21-1716612969-2344737603-4151003975-501 - Limited - Disabled)
Nancy (S-1-5-21-1716612969-2344737603-4151003975-1000 - Administrator - Enabled) => C:\Users\Nancy
postgres (S-1-5-21-1716612969-2344737603-4151003975-1001 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Orange Juice (HKLM-x32\...\Steam App 282800) (Version: - Orange_Juice)
60 Seconds! (HKLM\...\Steam App 368360) (Version: - Robot Gentleman)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atom (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\atom) (Version: 1.5.4 - GitHub Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Awesomenauts (HKLM\...\Steam App 204300) (Version: - Ronimo Games)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\BitTorrent) (Version: 7.9.3.40634 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster)
Cat Goes Fishing (HKLM\...\Steam App 343780) (Version: - Cat5Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Cook, Serve, Delicious! (HKLM\...\Steam App 247020) (Version: - Vertigo Gaming Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Crimzon Clover WORLD IGNITION (HKLM\...\Steam App 285440) (Version: - YOTSUBANE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games)
Dear Esther (HKLM\...\Steam App 203810) (Version: - The Chinese Room)
Discord (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Firewatch (HKLM\...\Steam App 383870) (Version: - Campo Santo)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3920 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Journal (HKLM\...\Steam App 261680) (Version: - Locked Door Puzzle)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.1.3.1173 - Kakao Corp.)
Keep Talking and Nobody Explodes (HKLM\...\Steam App 341800) (Version: - Steel Crate Games)
Krita Desktop (x64) 2.9.6.3 (HKLM\...\{075BFD2E-33CB-4251-93CD-CD644A40C891}) (Version: 2.9.6.3 - Krita Foundation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Long Live The Queen (HKLM\...\Steam App 251990) (Version: - Hanako Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moobot Assistant (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mumble 1.2.13 (HKLM-x32\...\{AB6B69F9-1A90-44EC-AE6C-A6BEA2C4F0CB}) (Version: 1.2.13 - Thorvald Natvig)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version: - Airtight Games)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{904a59ce-aa0f-4709-bbea-702b9ed44afc}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rocketfish HD Webcam (1.01.01.00) (HKLM\...\Rocketfish VF0650) (Version: - Rocketfish)
Rocketfish Live! Central (HKLM-x32\...\Rocketfish Live! Central) (Version: 2.00.55 - Creative Technology Ltd)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Sleeping Dogs: Definitive Edition (HKLM\...\Steam App 307690) (Version: - United Front Games)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
SteelSeries Engine 3.6.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.3 - SteelSeries ApS)
Stray Cat Crossing Demo (HKLM-x32\...\Steam App 398600) (Version: - Jurlo)
Strider (HKLM-x32\...\Steam App 235210) (Version: - Double Helix Games)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Knobbly Crook: Chapter I - The Horse You Sailed In On (HKLM\...\Steam App 378300) (Version: - Gnarled Scar Manipulations)
The Typing of The Dead: Overkill (HKLM\...\Steam App 246580) (Version: - Modern Dream)
There's Poop In My Soup (HKLM\...\Steam App 449540) (Version: - Rudder Games)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
TwitchAlerts (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
White Night (HKLM\...\Steam App 301560) (Version: - OSome Studio)
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

Bunbun · May 5, 2016

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA017E7-D530-4046-A74F-83A42FEE2C0E} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {118B3AD1-1177-467F-AC83-C4FBBFD0C0D2} - System32\Tasks\ASUS\I-Setup211247 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
Task: {140D80DF-FE86-499B-832F-88FBEA8BB0F3} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {2EACD216-55C3-44AC-B06E-8334BA428602} - System32\Tasks\ASUS\I-Setup234056 => C:\Windows\Install\AsusSetup.exe
Task: {531BD492-B2F4-4F5B-A056-5A95EA577248} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {789202B6-A930-4D0A-B986-ED2184841BF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D2E81F2D-65CE-4E13-BCE6-D165F409370B} - System32\Tasks\ASUS\I-Setup211559 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
Task: {D3887299-B865-4415-A295-F20E1110D13A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-05] (Distromatic) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-04-25 22:24 - 2015-11-02 09:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-04-27 23:08 - 2013-04-01 23:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-04-27 23:08 - 2012-08-14 09:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2015-12-09 14:58 - 2014-01-13 12:24 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-04-25 22:24 - 2015-10-11 23:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-22 17:57 - 2016-04-21 15:36 - 02608128 _____ () C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\libdiscord.dll
2016-04-22 17:57 - 2016-04-21 15:36 - 00108544 _____ () \\?\C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\resources\node_modules\discord_overlay\discord_overlay.node
2015-12-11 21:01 - 2016-03-21 17:50 - 00034768 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-14 23:55 - 2016-03-21 17:51 - 00019408 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00116688 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 21:01 - 2016-03-21 17:50 - 00093640 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00018376 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00019760 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00105928 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00392144 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 21:01 - 2016-04-08 14:20 - 00381752 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00692688 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020816 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 21:01 - 2016-03-21 17:51 - 00112592 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 01682760 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00021840 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00038696 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-14 23:55 - 2016-03-21 17:52 - 00020936 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024528 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00114640 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00124880 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00021832 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024016 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00175560 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00030160 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00043472 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00028616 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00048592 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00026456 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00057808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00024016 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00117056 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 21:01 - 2016-04-08 14:20 - 00023376 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 21:01 - 2016-03-21 17:50 - 00134608 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-14 23:55 - 2016-03-21 17:50 - 00134088 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-14 23:55 - 2016-03-21 17:51 - 00240584 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00024392 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-14 23:55 - 2016-03-21 17:52 - 00036296 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-14 23:55 - 2016-04-08 14:19 - 00052024 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00020800 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00021824 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00019776 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00020800 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00020280 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 21:01 - 2016-03-21 17:52 - 00350152 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 01:44 - 2016-04-08 14:20 - 00022352 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-14 23:55 - 2016-04-08 14:19 - 00084280 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-14 23:55 - 2016-04-08 14:20 - 01826096 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 21:01 - 2016-03-21 17:51 - 00083912 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 03928880 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 01971504 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00531248 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00132912 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00223544 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00207672 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00158008 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00042808 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-14 23:55 - 2016-03-21 17:54 - 00017864 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-14 23:55 - 2016-03-21 17:54 - 01631184 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-11 21:01 - 2016-04-08 14:20 - 00024904 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00546096 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-14 23:55 - 2016-04-08 14:20 - 00357680 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 17:45 - 2016-03-21 17:56 - 00697304 _____ () C:\Users\Nancy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-22 17:57 - 2016-04-22 17:57 - 01684480 _____ () C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\libglesv2.dll
2016-04-22 17:57 - 2016-04-22 17:57 - 00012288 _____ () C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\libegl.dll
2016-05-05 17:48 - 2016-05-05 17:48 - 00140800 _____ () \\?\C:\Users\Nancy\AppData\Local\Temp\7F2D.tmp.node
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-03 19:54 - 2016-04-27 19:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-03 19:54 - 2016-04-27 19:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-05-03 19:54 - 2016-04-27 19:25 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-03 20:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CA850337-2A4C-4A8A-82AF-4C9E5727EBAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82743C46-D2C3-4214-AF5C-74464C141BBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA860072-5BEC-4590-82FC-9A49F1955FD4}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4FED180B-FE31-4DBA-B6D9-6E0E8F2DF569}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0BB38351-AF8C-4915-9F15-EAB77AA59307}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34BF9E6B-6BFA-43B1-A789-4030CB3BA1B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55FCA881-379A-45B4-A749-ED73A23BFEC0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{636AA001-6352-4AD6-8BD8-625A8D6E26EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{58491868-C389-44C9-AC99-84548ADED842}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{45FFC5C0-B3F2-4F31-B61F-24DF9E431B25}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{9C259B5D-A70B-4268-9B1B-AECAF35E5755}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{AF2E69B4-7D33-4BBA-9153-5C38CB9B4BF4}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{1B5E3003-2C00-46BF-A199-24A6CD4CE12A}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BD2AFC90-1715-4EF1-8894-6735610383E2}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C925A17E-8ED8-4C9E-9C35-6B17303FE87E}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{28A534B4-FD1E-4A8B-ADF6-EB01326D5F48}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{252B4E47-A5D2-4BD2-9F9C-302415DDD533}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D2562BF8-9FF3-40ED-935E-720665EF43EF}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{134F1368-92DF-459C-B5BE-17F5DB8E0F35}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{AF8CCDD7-BA7F-47C6-AD05-9051856BAA14}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{985D84D5-BBD5-45CF-A48B-60952E272062}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{56F755E0-8216-44D5-BFF7-15FC70F9C2DB}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A7787897-2158-4E09-A0B2-5AFC86E1958B}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{A800E5AD-57E7-4F89-9BB0-EF30DB6AAC8D}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{D8D32F7B-04B8-410B-A5CA-588624FF8A33}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{63B64796-AC28-4634-9AC5-BA82E30CBB04}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{E5DB4A09-3C4E-469D-9062-E7DFC315C512}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{EDB4D55E-6B92-432B-BF60-EFE045A9820B}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8883127C-8E0E-4AC1-96A5-C1AA8C975F6B}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3C7594B7-D47E-4C44-A177-04B8384E4CD9}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4CFC0D5D-70CA-4CEB-A24B-ABF6548787C8}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A3C5A3B7-A2FB-4D39-9E50-BC0B63FFBAC5}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AB87F5D0-7208-4C6D-A6F1-DFF718135C51}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9741A865-4CF4-4BA0-98CD-F6C538D5D783}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1EF8B1A6-D86F-41CC-BFB6-BDDC2984BD1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3EA4F37F-8696-4707-AECF-DB1D7228CBB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3C017C47-C3E8-4AFF-8CD1-B464CE8BFDAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B6F73F5-7E34-4043-B338-777039677803}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4A6538E3-D7C3-43D2-9C51-78658E43673C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{122E4204-2A28-42A7-947A-F5C21B630506}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{44E0B86E-13C3-449A-B272-3B2B42043C21}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{8714BDFF-35C2-4F4F-9F25-902AD96CCCB9}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
FirewallRules: [{D5B337C0-8DF9-4A5E-B678-7E26E623904A}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
FirewallRules: [{A0F6C3EB-027A-4A80-9107-D9A7E78C0888}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{2B410402-F832-4B4A-BFA5-D6D9353B581D}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{880E159E-BF42-4A92-B9CE-1556CBEF3C82}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
FirewallRules: [{E5119782-9C40-4C69-AE0C-207D1684421F}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
FirewallRules: [{2DF84BDD-C3A8-4157-9B0D-C2FAC8A36A78}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{757552F0-B94B-4EF2-847B-4D9DA202F6B2}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
FirewallRules: [{C7546C24-9468-4869-9801-4A9B0B073DD6}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{423FD44A-696F-4A39-B0E1-8D22796D74DE}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{FE3D6A81-D325-4FD6-96AA-73EBDE052744}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64FE28A2-110B-4D5B-96C1-D9073569C9F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D50F614-2C58-4B55-9BB6-F06DB9123E1F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{461BA562-9657-4E5E-AF88-E50296C255EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC3C4DEC-875C-43EB-9428-6236104BFBCC}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{F5537F0D-F4B3-4899-A657-E3A11E5FB831}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{F41F2DA8-FAA7-4F9D-BCA7-7AABCEDC94A0}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{9782D7F5-9ECF-4335-AF78-8DA407AFCC68}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [TCP Query User{17D15F1C-474A-4835-85A4-8DFEC8CEDF14}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{E03AD1FE-8648-4A66-96ED-493E8E216CA9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F048DA76-C7EA-41A1-B9B3-8AB41FE1FD18}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D6832DAB-1CB5-4D50-A0BB-BD137A2886AF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9966FC91-89D1-43CD-B996-E9D435BAE01F}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{3701F295-8530-47FE-B1AA-200D784F9726}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{C0D954A0-D9FB-4594-BF2F-0C5460CE8BD6}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{4202B8D2-0112-4DF4-968C-6E13C0654755}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{328DEFC2-2997-4929-9AC1-B299D77AE402}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{E8681420-7968-4720-B57E-475B99097A1B}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{B6FF7BCF-F859-45F1-9F17-76B536595486}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{62C10A6E-C013-4038-A0B8-1C6942861696}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{72D5F959-C4BB-4DC0-9721-B2AC04993238}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
FirewallRules: [{B2F6E4BE-A031-423C-A606-DA000DE3D470}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
FirewallRules: [{0AF5151C-BC5E-40B0-AB64-D5114DAB918D}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3EDC88AB-9310-43A8-9CF1-D553406870BE}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{2565A482-E68B-414E-B135-438745C98B59}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{2CC559F4-58F8-4504-A672-963AF7858841}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{90095932-23A4-43B3-8349-CDC5038113D0}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{FD963F31-17B7-4952-A22D-8F207E2AF136}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{C8D6FDDC-E4CB-4A04-B229-1B9E043BE04F}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{44490872-1279-4E55-BFDD-B6AE43F8D32A}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{25BB77C6-AC0E-487A-916F-ECE5504F7203}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EFCFBEA7-4476-4129-AD73-3EF6D9F02818}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{804D0F0E-7928-4376-AEE3-2872DCADFCDF}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{28D511A6-AA8B-43E4-8092-7B810B25D9A4}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{D089CA47-9CA6-4EBD-BE41-8FB788DCC8EA}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{7018B7E0-0969-4443-8CF5-B0891A68819A}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{59000A7E-5F9A-449A-AD20-050206839613}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3CE3BD18-7C96-4DEF-B4BE-7CCF842C1676}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{EE2BFA29-3687-4E5A-BA78-0E15F1BC0C57}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{75E4AE9E-984F-4CB3-96E9-A6F7E96B5EC2}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{E64C92D9-C9B7-4E02-AAF6-1B02805B8C80}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{C974C8BE-0B87-4490-AA66-3A001EE3E995}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{2CA2FE66-9A4C-429D-AB9B-287C57535FFB}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{313B8372-EAEA-44D6-960F-0B8E4C147BA4}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{531F9CED-9BC6-45FA-BDC2-3B2B5BEB285E}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [TCP Query User{7F717E6B-324C-4524-BC2D-E310BABD5479}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe

Solved Virus, please help, thank you so much!! FRST file here

Posts: 56,041 +516

Posts: 46 +0

Posts: 46 +0

Posts: 56,041 +516

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 56,041 +516

Attachments

Posts: 46 +0

Posts: 56,041 +516

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 56,041 +516

Posts: 46 +0

Posts: 56,041 +516

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Posts: 46 +0

Similar threads