Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017 Ran by Nmsha (administrator) on NOAHSDESKTOP (05-06-2017 21:51:30) Running from D:\Nmsha Loaded Profiles: Nmsha & _ashbackuppb_ (Available Profiles: Nmsha & _ashbackuppb_) Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\dataup\dataup.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (LogMeIn Inc.) D:\x64\hamachi-2.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe () D:\Nmsha\Ashampoo Backup Pro 11\bin\backupService-abpb.exe (Microsoft Corporation) C:\Windows\System32\vds.exe () C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe () C:\Program Files (x86)\ASUS\KeyBot II\KeyBotII.exe () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBclk.exe () C:\Windows\System32\tprdpw64.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Apple Inc.) D:\iTunesHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () D:\Nmsha\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe (Akamai Technologies, Inc.) C:\Users\Nmsha\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Nmsha\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ASUSTeKcomputer Inc) C:\Program Files (x86)\RamCache II\RamCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\AURA\AsRogAuraService.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSWinService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (winscr) C:\Users\Nmsha\AppData\Local\ntuserlitelist\winscr\winscr.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSPanel.exe () C:\Windows\src_srv\winsrcsrv.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.0_none_1a733a82001933cc\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (Stardock Software, Inc) D:\Nmsha\Stardock\Launch8Srv.exe (Stardock Software, Inc) D:\Nmsha\Stardock\ShadowFXSrv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-05-10] (Realtek Semiconductor) HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1210368 2016-12-15] (ASUSTeK COMPUTER INC.) HKLM\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4241336 2017-04-19] (Stardock Corporation) HKLM\...\Run: [Ashampoo Backup PB] => D:\Nmsha\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe [323504 2017-03-28] () HKLM-x32\...\Run: [RamCache II ] => C:\Program Files (x86)\RamCache II\RamCache.exe [4351080 2017-04-30] (ASUSTeKcomputer Inc) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-04-10] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [96024 2017-03-28] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [67168 2017-04-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] () HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\hamachi-2-ui.exe [6153128 2017-05-22] (LogMeIn Inc.) HKLM-x32\...\Run: [WindowBlinds] => D:\Nmsha\Stardock\WindowBlinds 10 10.6.2.exe [56933520 2017-06-04] () HKLM\...\RunOnce: [NOAHSDESKTOP] => C:\Windows\TEMP\g67F5.tmp.exe [307200 2017-06-05] () <===== ATTENTION HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (U) HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (U) HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (U) HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (U) HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (U) HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (U) HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (U) HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (U) HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (U) HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (U) HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (U) HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (U) HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (U) HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4990808 2015-09-18] (Disc Soft Ltd) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [Discord] => C:\Users\Nmsha\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [Switcher] => "C:\SkinPack\Switcher\Switcher.exe" /quiet HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Nmsha\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [IDMan] => D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMan.exe [4035696 2017-05-17] (Tonec Inc.) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Run: [Tiles] => D:\Nmsha\Stardock\Tiles64.exe [1286120 2015-07-17] (Stardock Software) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] () ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMShellExt64.dll -> No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] () ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] () ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] () ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-05-12] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-05-07] ShortcutTarget: MEGAsync.lnk -> C:\Users\Nmsha\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Startup: C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2017-06-05] ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (No File) Startup: C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-30] ShortcutTarget: Twitch.lnk -> C:\Users\Nmsha\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.) BootExecute: autocheck autochk * SmartDefragBootTime.exe GroupPolicy: Restriction <======= ATTENTION GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts-x32: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => 127.0.0.1:8003 ProxyEnable: [S-1-5-19] => Proxy is enabled. ProxyServer: [S-1-5-19] => 127.0.0.1:8003 ProxyEnable: [S-1-5-20] => Proxy is enabled. ProxyServer: [S-1-5-20] => 127.0.0.1:8003 ProxyEnable: [S-1-5-21-1544021099-3984391978-3616590382-1001] => Proxy is enabled. ProxyServer: [S-1-5-21-1544021099-3984391978-3616590382-1001] => 127.0.0.1:8003 AutoConfigURL: [S-1-5-21-1544021099-3984391978-3616590382-1001] => hxxp://unstopaccess.net/wpad.dat?48ab0dd3e2c345cb224763fc3a45089130960477 ProxyEnable: [S-1-5-21-1544021099-3984391978-3616590382-1003] => Proxy is enabled. ProxyServer: [S-1-5-21-1544021099-3984391978-3616590382-1003] => 127.0.0.1:8003 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{c3a0e1d2-5fe6-4624-a205-a155699ac0b4}: [DhcpNameServer] 10.0.1.1 ManualProxies: 0hxxp://unstopaccess.net/wpad.dat?48ab0dd3e2c345cb224763fc3a45089130960477 Internet Explorer: ================== HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://installgoogle.ru/ BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMIECC64.dll => No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMIECC.dll => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation) BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-12-22] (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation) BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit) FireFox: ======== FF HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nmsha\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Nmsha\AppData\Roaming\IDM\idmmzcc5 [2017-06-03] [not signed] FF HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\idmmzcc2.xpi => not found FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File] Chrome: ======= CHR Profile: C:\Users\Nmsha\AppData\Local\Google\Chrome\User Data\Default [2017-06-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nmsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-03] CHR Extension: (Chrome Media Router) - C:\Users\Nmsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMGCExt.crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Nmsha\IDM\Internet Download Manager 6.28 Build 10 Setup + Crack\Crack\IDMGCExt.crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) "drmkpro64" => service could not be unlocked. <===== ATTENTION R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated) R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-04-10] (Avira Operations GmbH & Co. KG) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-04-10] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-04-10] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-04-10] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-29] () R2 ashbackuppb; d:\Nmsha\Ashampoo Backup Pro 11\bin\backupService-abpb.exe [31664 2017-03-28] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [963544 2016-08-05] (ASUSTeK Computer Inc.) R2 AsRogAuraService; C:\Program Files (x86)\ASUS\AURA\AsRogAuraService.exe [761304 2016-10-17] (ASUSTek Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed] R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\AsusWSWinService.exe [75264 2016-06-21] (ASUS Cloud Corporation) [File not signed] R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2394072 2016-09-20] (ASUSTeK Computer Inc.) R2 AtherosSvc; C:\Windows\system32\AdminService.exe [347064 2017-05-10] (Windows (R) Win 7 DDK provider) S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [354720 2017-03-28] (Avira Operations GmbH & Co. KG) S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG) S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-05-28] (Microsoft Corporation) R2 Dataup; C:\Users\Nmsha\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION R2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc) R2 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1271640 2015-09-18] (Disc Soft Ltd) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-03-09] (Futuremark) R2 Hamachi2Svc; D:\x64\hamachi-2.exe [3760040 2017-05-22] (LogMeIn Inc.) S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit) R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation) S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation) R2 Launch8; D:\Nmsha\Stardock\Launch8Srv.exe [274088 2015-08-24] (Stardock Software, Inc) S2 Multiplicity; C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiSrv.exe [209216 2015-08-21] (Stardock Software, Inc) S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation) S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.) S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation) R2 ShadowFX; D:\Nmsha\Stardock\ShadowFXSrv.exe [259592 2017-03-06] (Stardock Software, Inc) S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-04-07] (Avira Operations GmbH & Co. KG) [File not signed] R2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [17408 2017-04-29] () [File not signed] S2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2017-04-12] (Stardock Software, Inc) S2 UnsignedThemes; C:\Windows\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation) S2 WindowBlinds; D:\Nmsha\Stardock\wbsrv.exe [86528 2017-03-22] (Stardock Corporation) S2 WindowFX; D:\Nmsha\Stardock\WindowFXSrv.exe [181824 2017-03-23] (Stardock Corporation) S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.) [File not signed] S2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.) [File not signed] S2 Razer Game Scanner Service; "C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe" [X] S2 Service KMSELDI; D:\Nmsha\KMSpico\Service_KMS.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2016-06-30] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] () R2 AsRamDisk; C:\Windows\system32\DRIVERS\asramdisk.sys [111416 2014-05-07] (Asus) R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-04-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-04-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-04-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-04-10] (Avira Operations GmbH & Co. KG) R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [48584 2017-04-10] (Avira Operations GmbH & Co. KG) S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21304 2014-02-17] (Olof Lagerkvist) R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2017-04-30] (Disc Soft Ltd) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [544744 2017-06-03] (Intel Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] () R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [52392 2016-11-28] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] () R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [53848 2017-04-30] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2017-04-30] (FNet Co., Ltd.) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-10] (REALiX(tm)) R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [44096 2017-03-29] (IObit.com) S3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com) S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-17] (IObit) S3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-17] (IObit.com) R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-05-14] (ASUSTeK Computer Inc.) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\drivers\klhk.sys [237488 2016-07-28] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [987568 2016-07-28] (AO Kaspersky Lab) R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [79504 2016-09-18] (Windows (R) Win 7 DDK provider) R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [106928 2016-07-05] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211376 2016-07-05] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [119728 2016-07-05] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125872 2016-07-05] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [116656 2016-07-05] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [90032 2016-07-05] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135088 2016-07-05] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [335792 2016-07-05] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [197040 2016-07-05] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123312 2016-07-05] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [278960 2016-07-05] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125360 2016-07-05] (Panda Security, S.L.) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129296 2017-02-12] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [205584 2017-02-20] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.) R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.) R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.) R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.) S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-17] (IObit.com) R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.) S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] () R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit) S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [520032 2016-12-05] (BitDefender S.R.L.) R2 uxstyle; C:\Windows\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC) R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2017-04-14] (Check Point Software Technologies Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) R5 drmkpro64; <===== ATTENTION: Locked Service U3 iswSvc; no ImagePath S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-05 21:51 - 2017-06-05 21:51 - 00000000 ____D C:\FRST 2017-06-05 17:55 - 2017-06-05 17:55 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-06-05 00:01 - 2017-06-05 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EdgeRunner 2017-06-05 00:01 - 2017-06-05 00:01 - 00000000 ____D C:\Users\Nmsha\Downloads\EdgeRunner 2017-06-05 00:01 - 2017-06-05 00:01 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\EdgeRunner 2017-06-05 00:01 - 2017-06-05 00:01 - 00000000 ____D C:\Program Files (x86)\EdgeRunner 2017-06-05 00:00 - 2017-06-05 00:01 - 00000000 ____D C:\ProgramData\Edgerunner 2017-06-05 00:00 - 2017-06-05 00:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Edgerunner 2017-06-04 23:58 - 2017-06-04 23:58 - 00004170 _____ C:\Windows\System32\Tasks\Object Desktop-S-1-5-21-1544021099-3984391978-3616590382-1001 2017-06-04 23:52 - 2017-06-04 23:52 - 00000000 __SHD C:\found.001 2017-06-04 23:49 - 2017-06-04 23:51 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stardock 2017-06-04 22:27 - 2017-06-04 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-06-04 22:27 - 2017-06-04 22:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-06-04 22:27 - 2017-05-01 15:14 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-06-04 22:27 - 2017-03-10 16:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll 2017-06-04 22:27 - 2017-03-10 16:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-06-04 22:27 - 2017-03-10 16:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe 2017-06-04 22:27 - 2017-03-10 16:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-06-04 18:58 - 2017-06-04 22:00 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\WindSolutions 2017-06-04 18:58 - 2017-06-04 22:00 - 00000000 ____D C:\ProgramData\WindSolutions 2017-06-04 18:58 - 2017-06-04 18:58 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2017-06-04 18:54 - 2017-06-04 18:54 - 00000000 _____ C:\Users\Nmsha\AppData\Roaming\Apple 2017-06-04 18:41 - 2017-06-04 18:42 - 00000000 _____ C:\Windows\system32\Move 2017-06-03 23:36 - 2017-06-05 18:07 - 00000000 ____D C:\Users\_ashbackuppb_\AppData\Local\CrashDumps 2017-06-03 23:36 - 2017-06-03 23:36 - 00000000 ____D C:\Users\_ashbackuppb_\AppData\Local\DBG 2017-06-03 14:04 - 2017-06-03 14:04 - 00000020 ___SH C:\Users\_ashbackuppb_\ntuser.ini 2017-06-03 14:04 - 2017-06-03 14:04 - 00000000 _SHDL C:\Users\_ashbackuppb_\My Documents 2017-06-03 14:04 - 2017-06-03 14:04 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Ashampoo Backup PB 2017-06-03 14:04 - 2017-06-03 14:04 - 00000000 ____D C:\Users\_ashbackuppb_ 2017-06-03 14:04 - 2017-06-03 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2017-06-03 14:04 - 2017-06-03 14:04 - 00000000 ____D C:\ProgramData\Ashampoo Backup PB 2017-06-03 14:03 - 2017-06-03 14:03 - 00000000 ____D C:\ProgramData\Ashampoo 2017-06-03 13:59 - 2017-06-04 19:02 - 00000000 ____D C:\Program Files\Microsoft Office 2017-06-03 13:58 - 2017-06-03 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder 2017-06-03 13:51 - 2017-06-03 13:51 - 00003454 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart 2017-06-03 13:51 - 2017-06-03 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2017-06-03 13:51 - 2010-12-05 21:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll 2017-06-03 13:47 - 2017-06-03 13:47 - 00004608 _____ C:\Windows\SECOH-QAD.exe 2017-06-03 13:47 - 2017-06-03 13:47 - 00003584 _____ C:\Windows\SECOH-QAD.dll 2017-06-03 13:44 - 2017-06-03 13:44 - 00016872 _____ C:\Windows\System32\Tasks\33221L41636y17106N50622 2017-06-03 13:44 - 2017-06-03 13:44 - 00016866 _____ C:\Windows\System32\Tasks\60495L43245y41572N6221 2017-06-03 13:44 - 2017-06-03 13:44 - 00016866 _____ C:\Windows\System32\Tasks\28166L9496y74624N92004 2017-06-03 13:44 - 2017-06-03 13:44 - 00000000 ___HD C:\ProgramData\60495L43245y41572N6221 2017-06-03 13:44 - 2017-06-03 13:44 - 00000000 ___HD C:\ProgramData\33221L41636y17106N50622 2017-06-03 13:44 - 2017-06-03 13:44 - 00000000 ___HD C:\ProgramData\28166L9496y74624N92004 2017-06-03 13:43 - 2017-06-03 13:43 - 00016872 _____ C:\Windows\System32\Tasks\38003L47201y18505N27024 2017-06-03 13:43 - 2017-06-03 13:43 - 00016872 _____ C:\Windows\System32\Tasks\11062L66102y84384N29888 2017-06-03 13:43 - 2017-06-03 13:43 - 00000000 ___HD C:\ProgramData\38003L47201y18505N27024 2017-06-03 13:43 - 2017-06-03 13:43 - 00000000 ___HD C:\ProgramData\11062L66102y84384N29888 2017-06-03 13:42 - 2017-06-03 13:42 - 00016872 _____ C:\Windows\System32\Tasks\78397L87081y63641N87254 2017-06-03 13:42 - 2017-06-03 13:42 - 00000000 ___HD C:\ProgramData\78397L87081y63641N87254 2017-06-03 12:44 - 2017-06-03 12:45 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\XYplorer 2017-06-03 12:44 - 2017-06-03 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorer 2017-06-03 12:25 - 2017-06-03 12:28 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager 2017-06-03 12:25 - 2017-06-03 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager 2017-06-03 12:24 - 2017-06-03 12:46 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\IDM 2017-06-03 12:24 - 2017-06-03 12:46 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\DMCache 2017-06-03 12:24 - 2017-06-03 12:24 - 00000000 ____D C:\ProgramData\IDM 2017-06-03 12:07 - 2017-06-03 12:07 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-03 11:51 - 2017-06-03 11:51 - 00106496 _____ C:\Windows\reg_win_5018.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 00006656 _____ () C:\Windows\grupter.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 00001377 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhromе.lnk 2017-06-03 11:51 - 2017-06-03 11:51 - 00000000 ____D C:\Windows\Libnoahsdesktop 2017-06-02 23:45 - 2017-06-02 23:45 - 00000000 ____D C:\Users\Nmsha\AppData\Local\PTC 2017-06-02 09:26 - 2017-06-02 09:29 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Autodesk 2017-06-02 09:16 - 2017-06-02 09:31 - 00000000 ____D C:\ProgramData\Autodesk 2017-06-02 09:15 - 2017-06-02 09:15 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Akamai 2017-06-02 09:14 - 2017-06-02 09:29 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Autodesk 2017-05-25 21:13 - 2017-05-25 21:13 - 00000000 ____D C:\Users\Nmsha\AppData\Local\LogMeIn 2017-05-25 21:13 - 2017-05-25 21:13 - 00000000 ____D C:\ProgramData\LogMeIn 2017-05-24 19:23 - 2017-06-05 18:09 - 00000000 ____D C:\Users\Nmsha\AppData\Local\LogMeIn Hamachi 2017-05-24 19:22 - 2017-06-05 18:08 - 00000140 _____ C:\Users\Nmsha\BullseyeCoverageError.txt 2017-05-24 19:22 - 2017-05-24 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2017-05-22 16:12 - 2017-05-22 16:12 - 00045680 _____ (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys 2017-05-20 14:48 - 2017-05-20 14:48 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Bao_Nguyen 2017-05-20 14:48 - 2017-05-20 14:48 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Bao_Nguyen 2017-05-20 14:33 - 2017-06-04 19:05 - 00000000 ____D C:\Program Files\Samurize1920 2017-05-20 14:10 - 2017-06-04 19:01 - 00000000 ____D C:\SkinPack 2017-05-20 14:10 - 2017-06-03 13:46 - 00003650 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask 2017-05-20 14:10 - 2017-06-03 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack 2017-05-20 14:06 - 2017-05-20 14:16 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\MetroSidebar 2017-05-20 13:59 - 2017-05-20 13:59 - 00000000 ____D C:\Users\Nmsha\AppData\Local\chromium 2017-05-20 13:58 - 2017-05-20 14:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\{39930FCF-1D3B-6377-70A3-469F54CBBA07} 2017-05-20 13:42 - 2017-05-20 13:42 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher 2017-05-20 13:42 - 2017-03-18 15:58 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup 2017-05-20 13:42 - 2017-03-18 15:58 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup 2017-05-20 13:42 - 2017-03-18 15:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll.backup 2017-05-19 18:05 - 2017-05-19 18:05 - 35397528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-05-19 18:04 - 2017-05-19 18:04 - 28632152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-05-19 18:04 - 2017-05-19 18:04 - 00969624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-05-19 18:04 - 2017-05-19 18:04 - 00920664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-05-19 18:04 - 2017-05-19 18:04 - 00618584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-05-19 18:04 - 2017-05-19 18:04 - 00507984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 01996696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438205.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 01598360 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438205.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 01062808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 00999832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 00829848 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 00659864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-05-19 18:03 - 2017-05-19 18:03 - 00054680 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-05-19 18:02 - 2017-05-19 18:02 - 40210512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2017-05-19 18:02 - 2017-05-19 18:02 - 35290192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2017-05-19 18:02 - 2017-05-19 18:02 - 03800984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-05-19 18:02 - 2017-05-19 18:02 - 03256408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 11161992 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 10648512 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 09102480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 08891160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 01296264 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 01011488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 00791792 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 00703880 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 00633040 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 00626384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-05-19 17:48 - 2017-05-19 17:48 - 00591672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-05-19 17:47 - 2017-05-19 17:47 - 11129704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-05-19 17:47 - 2017-05-19 17:47 - 09335520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-05-19 17:47 - 2017-05-19 17:47 - 01298696 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-05-19 17:47 - 2017-05-19 17:47 - 01013344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-05-19 14:22 - 2017-05-19 14:22 - 00000669 _____ C:\Windows\system32\nv-vk64.json 2017-05-17 08:13 - 2016-10-17 10:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys 2017-05-15 13:06 - 2017-05-15 13:06 - 00000000 ____D C:\Users\Nmsha\AppData\Local\CCP 2017-05-15 13:06 - 2017-05-15 13:06 - 00000000 ____D C:\Users\Nmsha\.QtWebEngineProcess 2017-05-15 13:06 - 2017-05-15 13:06 - 00000000 ____D C:\Users\Nmsha\.EVE 2017-05-12 22:31 - 2017-05-12 22:31 - 01130328 _____ (Google Inc.) C:\Users\Nmsha\Downloads\ChromeSetup.exe 2017-05-12 22:30 - 2017-05-12 22:30 - 00000000 ____D C:\ProgramData\BDLogging 2017-05-12 22:30 - 2016-12-05 15:32 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2017-05-12 21:28 - 2017-05-12 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter 2017-05-12 21:28 - 2017-05-12 21:28 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2017-05-12 21:28 - 2017-03-29 18:05 - 00044096 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys 2017-05-12 21:18 - 2017-06-03 13:46 - 00003264 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze 2017-05-12 21:18 - 2017-06-03 13:46 - 00003104 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup 2017-05-12 21:18 - 2017-06-03 13:46 - 00003104 _____ C:\Windows\System32\Tasks\IObitSelfCheckTask 2017-05-12 21:18 - 2017-06-03 13:46 - 00003100 _____ C:\Windows\System32\Tasks\SmartDefrag_Update 2017-05-12 21:18 - 2017-05-12 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2017-05-12 21:18 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll 2017-05-12 21:18 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe 2017-05-12 21:18 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2017-05-12 21:04 - 2017-05-12 21:04 - 00000000 ____D C:\Windows\src_srv 2017-05-12 21:04 - 2017-05-12 21:04 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\AGData 2017-05-12 21:03 - 2017-06-03 11:51 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Browsers 2017-05-12 21:03 - 2017-05-12 22:53 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InterStat 2017-05-12 21:03 - 2017-05-12 21:03 - 00001260 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоme.lnk 2017-05-12 21:03 - 2017-05-12 21:03 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\SPI 2017-05-12 21:03 - 2017-05-12 21:03 - 00000000 ____D C:\Users\Nmsha\AppData\Local\CrashRpt 2017-05-12 21:01 - 2017-05-12 21:02 - 00000000 ____D C:\Users\Nmsha\AppData\Local\WinZip 2017-05-12 21:01 - 2017-05-12 21:01 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk 2017-05-12 21:00 - 2017-05-12 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2017-05-12 21:00 - 2017-05-12 21:01 - 00000000 ____D C:\Program Files\WinZip 2017-05-12 20:53 - 2017-06-05 18:03 - 00000000 ____D C:\Users\Nmsha\AppData\Local\ntuserlitelist 2017-05-12 20:53 - 2017-05-12 21:12 - 00000000 ____D C:\Users\Nmsha\AppData\Local\llssoft 2017-05-12 20:53 - 2017-05-12 20:53 - 00006610 _____ C:\Windows\TEMPcoral.vbs 2017-05-12 19:53 - 2017-05-12 19:53 - 00000000 ____D C:\Users\Nmsha\AppData\Local\dykhnlyd 2017-05-12 19:53 - 2017-05-12 19:53 - 00000000 ____D C:\Users\Nmsha\AppData\Local\AppTrailers 2017-05-12 19:52 - 2017-05-12 19:52 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\c 2017-05-10 20:39 - 2017-06-05 21:19 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Stardock 2017-05-10 20:39 - 2017-06-05 21:19 - 00000000 ____D C:\ProgramData\Stardock 2017-05-10 20:39 - 2017-06-05 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock 2017-05-10 20:39 - 2017-06-05 18:02 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Stardock 2017-05-10 20:38 - 2017-06-05 18:08 - 00000000 ____D C:\Program Files (x86)\Stardock 2017-05-10 20:38 - 2017-06-05 18:02 - 00000000 ____D C:\Users\Nmsha\Downloads\Stardock 2017-05-10 20:23 - 2017-05-10 20:23 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Mirillis 2017-05-10 20:23 - 2017-05-10 20:23 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Mirillis 2017-05-10 20:23 - 2017-05-10 20:23 - 00000000 ____D C:\ProgramData\Mirillis 2017-05-10 20:23 - 2017-05-10 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2017-05-10 20:23 - 2017-05-10 20:23 - 00000000 ____D C:\Program Files (x86)\Mirillis 2017-05-10 20:22 - 2017-05-10 20:22 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Macroplant_LLC 2017-05-10 20:20 - 2017-05-10 20:24 - 00000000 ____D C:\Users\Public\Speedup Sessions 2017-05-10 20:09 - 2017-05-12 19:55 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Apple Computer 2017-05-10 20:09 - 2017-05-10 20:09 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Apple Computer 2017-05-10 20:09 - 2017-05-10 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-05-10 20:09 - 2017-05-10 20:09 - 00000000 ____D C:\ProgramData\Apple Computer 2017-05-10 20:09 - 2017-05-10 20:09 - 00000000 ____D C:\Program Files\iPod 2017-05-10 20:08 - 2017-06-04 19:04 - 00000000 ____D C:\Program Files\Bonjour 2017-05-10 20:08 - 2017-05-10 20:08 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Apple 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\ProgramData\Apple 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\Program Files (x86)\Bonjour 2017-05-10 20:08 - 2017-05-10 20:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-05-10 20:00 - 2017-05-10 20:22 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Deployment 2017-05-10 20:00 - 2017-05-10 20:03 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC 2017-05-10 20:00 - 2017-05-10 20:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Apps\2.0 2017-05-10 19:55 - 2017-05-10 19:59 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-05-10 19:55 - 2017-05-10 19:55 - 00000000 ____D C:\Program Files\Common Files\Intel 2017-05-10 19:48 - 2017-05-10 19:48 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2017-05-10 19:46 - 2017-05-10 19:46 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438165.dll 2017-05-10 19:46 - 2017-05-10 19:46 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438165.dll 2017-05-10 19:45 - 2017-06-03 11:58 - 00544744 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d65x64.sys 2017-05-10 19:45 - 2017-05-10 19:45 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2017-05-10 19:45 - 2017-05-10 19:45 - 15202032 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 09124224 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2017-05-10 19:45 - 2017-05-10 19:45 - 07172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 07096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 06264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 05347000 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 03410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 03299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 03203584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 03122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 03014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2017-05-10 19:45 - 2017-05-10 19:45 - 02993720 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 02830480 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 02444688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 02201600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 02190976 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01516896 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01363096 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01353824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01133584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 01003504 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00866088 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00859912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00854208 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00785608 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00726120 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00601136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00588032 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00514872 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00426568 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00416504 _____ (Harman) C:\Windows\system32\HMUI.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00347064 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\AdminService.exe 2017-05-10 19:45 - 2017-05-10 19:45 - 00343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00258864 _____ (TODO: ) C:\Windows\system32\slprp64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00209528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00203840 _____ (Harman) C:\Windows\system32\HMHVS.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00198584 _____ (Qualcomm®Atheros®) C:\Windows\system32\BtContextMenu.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00197560 _____ (Qualcomm Atheros Communications Inc.) C:\Windows\system32\btcoinst.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00190928 _____ (Harman) C:\Windows\system32\HMEQ.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00158688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00105304 _____ C:\Windows\system32\audioLibVc.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll 2017-05-10 19:45 - 2017-05-10 19:45 - 00058488 _____ C:\Windows\system32\Drivers\AthrBT_0x00000200.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00057624 _____ C:\Windows\system32\Drivers\AthrBT_0x00000300.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00039528 _____ C:\Windows\system32\Drivers\AthrBT_TF_0x00000302.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00035860 _____ C:\Windows\system32\Drivers\AthrBT_0x00000302.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00019992 _____ (Qualcomm®Atheros®) C:\Windows\system32\BtContextMenu.dll.muien-US 2017-05-10 19:45 - 2017-05-10 19:45 - 00001982 _____ C:\Windows\system32\Drivers\ramps_0x00000302_48_NFA354A_10db.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001982 _____ C:\Windows\system32\Drivers\ramps_0x00000302_48.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001969 _____ C:\Windows\system32\Drivers\ramps_TF_0x00000302_48_NFA435_10dbm.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001969 _____ C:\Windows\system32\Drivers\ramps_TF_0x00000302_48.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001890 _____ C:\Windows\system32\Drivers\ramps_0x00000300_48_NFA435_10db.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001890 _____ C:\Windows\system32\Drivers\ramps_0x00000300_48.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001859 _____ C:\Windows\system32\Drivers\ramps_0x00000200_48_NFA354.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00001859 _____ C:\Windows\system32\Drivers\ramps_0x00000200_48.dfu 2017-05-10 19:45 - 2017-05-10 19:45 - 00000000 ____D C:\Windows\system32\DAX3 2017-05-10 19:40 - 2017-05-10 19:40 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\epm 2017-05-10 19:18 - 2017-05-10 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.0 2017-05-10 19:18 - 2017-04-26 15:37 - 03885248 _____ C:\Windows\system32\BootMan.exe 2017-05-10 19:18 - 2017-04-26 15:37 - 02953920 _____ C:\Windows\SysWOW64\BootMan.exe 2017-05-10 19:18 - 2016-12-07 13:26 - 00033448 _____ C:\Windows\system32\epmntdrv.sys 2017-05-10 19:18 - 2016-07-11 10:01 - 00101984 _____ C:\Windows\system32\setupempdrvx64.exe 2017-05-10 19:18 - 2016-07-11 10:01 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe 2017-05-10 19:18 - 2016-07-11 10:01 - 00010848 _____ C:\Windows\system32\EuGdiDrv.sys 2017-05-10 19:18 - 2016-07-11 10:01 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys 2017-05-10 19:18 - 2016-07-08 15:28 - 00248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb 2017-05-10 19:18 - 2016-01-14 10:05 - 00021496 _____ C:\Windows\SysWOW64\epmntdrv.sys 2017-05-10 19:18 - 2014-11-18 14:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll 2017-05-10 19:18 - 2014-11-18 14:46 - 00017504 _____ C:\Windows\system32\EuEpmGdi.dll 2017-05-10 18:28 - 2017-06-04 13:58 - 00003032 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nmsha) 2017-05-10 18:28 - 2017-06-03 13:46 - 00003394 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler 2017-05-10 18:27 - 2017-05-10 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4 2017-05-10 18:13 - 2017-05-10 18:13 - 00040646 _____ C:\Windows\SysWOW64\MyDefrag.dat 2017-05-10 17:55 - 2017-05-10 18:13 - 00049319 _____ C:\Windows\SysWOW64\Defrag.debuglog 2017-05-10 17:39 - 2017-06-03 13:46 - 00002496 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Nmsha 2017-05-10 17:39 - 2017-05-10 17:39 - 00000310 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Nmsha.job 2017-05-10 17:39 - 2017-05-10 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2017-05-10 17:38 - 2017-05-10 17:38 - 00034308 _____ C:\Windows\SysWOW64\bassmod.dll 2017-05-10 17:34 - 2017-05-12 21:28 - 00000000 ____D C:\Program Files (x86)\IObit 2017-05-10 17:28 - 2017-06-03 11:58 - 00000000 ____D C:\ProgramData\ProductData 2017-05-10 17:28 - 2017-05-12 22:54 - 00000000 ____D C:\ProgramData\IObit 2017-05-10 17:28 - 2017-05-12 21:49 - 00000000 ____D C:\Users\Nmsha\AppData\LocalLow\IObit 2017-05-10 17:28 - 2017-05-12 21:29 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\IObit 2017-05-10 17:28 - 2017-05-10 17:28 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS 2017-05-10 17:28 - 2017-05-10 17:28 - 00000000 ____D C:\Windows\IObit 2017-05-10 17:27 - 2017-05-10 17:27 - 00000000 ____D C:\Users\Nmsha\AppData\Local\AviraSpeedup 2017-05-10 17:15 - 2017-05-10 17:15 - 00001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-05-10 17:15 - 2017-05-10 17:15 - 00000000 ___RD C:\Users\Nmsha\Creative Cloud Files 2017-05-10 17:15 - 2017-05-10 17:15 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-05-10 17:04 - 2017-05-10 17:04 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsigne938b0e31866ed2d 2017-05-10 17:04 - 2017-05-10 17:04 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign9589e42823c58921 2017-05-10 17:04 - 2017-05-10 17:04 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign47d5dfe03beb9275 2017-05-10 17:04 - 2017-05-10 17:04 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign07b484a8f1ee0312 2017-05-10 17:01 - 2017-05-10 17:01 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign96b90f4520415718 2017-05-10 17:01 - 2017-05-10 17:01 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign179907179c2922fd 2017-05-10 17:00 - 2017-05-10 17:00 - 00000000 ____D C:\Users\Nmsha\AppData\LocalLow\Adobe 2017-05-10 17:00 - 2017-05-10 17:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign6c43e9c9119616dd 2017-05-10 17:00 - 2017-05-10 17:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign6a2f07fa5312bc86 2017-05-10 17:00 - 2017-05-10 17:00 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign3a2446bba5db2a3c 2017-05-10 16:59 - 2017-05-10 16:59 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsignf1a790bf3dbfefdb 2017-05-10 16:59 - 2017-05-10 16:59 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsignd8329f3d67aec35f 2017-05-10 16:59 - 2017-05-10 16:59 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign89cc171666189aa6 2017-05-10 16:54 - 2017-05-10 16:54 - 00003664 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nmshafer4@gmail.com 2017-05-10 16:54 - 2017-05-10 16:54 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign2f47b71fac3e1b5b 2017-05-10 16:54 - 2017-05-10 16:54 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Tempzxpsign181422bd9fc32fd0 2017-05-10 16:54 - 2017-05-10 16:54 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2017-05-10 16:53 - 2017-05-10 16:53 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk 2017-05-10 16:43 - 2017-05-10 16:53 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-05-10 16:43 - 2017-05-10 16:43 - 00000000 ____D C:\Program Files\Adobe 2017-05-10 16:41 - 2017-06-03 13:46 - 00003788 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate 2017-05-10 16:41 - 2017-05-10 16:41 - 00000000 ____D C:\Windows\System32\Tasks\Avira 2017-05-10 16:41 - 2017-05-10 16:41 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Avira 2017-05-10 16:35 - 2017-06-04 19:08 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-05-10 16:31 - 2017-05-10 16:31 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Avira 2017-05-10 16:30 - 2017-05-24 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-05-10 16:30 - 2017-05-10 16:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf 2017-05-10 16:30 - 2017-04-10 13:23 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2017-05-10 16:30 - 2017-04-10 13:23 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2017-05-10 16:30 - 2017-04-10 13:23 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2017-05-10 16:30 - 2017-04-10 13:23 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys 2017-05-10 16:30 - 2017-04-10 13:23 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2017-05-10 16:29 - 2017-05-10 16:40 - 00000000 ____D C:\ProgramData\Avira 2017-05-10 16:29 - 2017-05-10 16:40 - 00000000 ____D C:\Program Files (x86)\Avira 2017-05-10 15:50 - 2017-05-10 17:15 - 00000000 ____D C:\ProgramData\Adobe 2017-05-10 15:46 - 2017-05-10 19:58 - 00000000 ____D C:\ProgramData\McAfee 2017-05-10 15:46 - 2017-05-10 15:46 - 00004590 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-05-10 15:45 - 2017-06-05 18:17 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Adobe 2017-05-10 15:27 - 2017-04-27 20:38 - 01411128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-05-10 15:27 - 2017-04-27 20:19 - 01839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-05-10 15:27 - 2017-04-27 20:19 - 00605936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-05-10 15:27 - 2017-04-27 20:18 - 02259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll 2017-05-10 15:27 - 2017-04-27 20:16 - 00599576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-05-10 15:27 - 2017-04-27 20:12 - 01604312 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-05-10 15:27 - 2017-04-27 20:12 - 00543640 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe 2017-05-10 15:27 - 2017-04-27 20:11 - 02158544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-05-10 15:27 - 2017-04-27 20:09 - 01557288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2017-05-10 15:27 - 2017-04-27 20:08 - 08320920 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-05-10 15:27 - 2017-04-27 20:08 - 02399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-05-10 15:27 - 2017-04-27 20:08 - 02330520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2017-05-10 15:27 - 2017-04-27 20:08 - 00775824 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-05-10 15:27 - 2017-04-27 20:07 - 06759512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-05-10 15:27 - 2017-04-27 20:07 - 00988168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-05-10 15:27 - 2017-04-27 20:06 - 02969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll 2017-05-10 15:27 - 2017-04-27 20:06 - 00708712 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-05-10 15:27 - 2017-04-27 20:05 - 00923040 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll 2017-05-10 15:27 - 2017-04-27 20:04 - 00583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2017-05-10 15:27 - 2017-04-27 20:03 - 00667040 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2017-05-10 15:27 - 2017-04-27 20:00 - 02444192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-05-10 15:27 - 2017-04-27 19:59 - 05477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll 2017-05-10 15:27 - 2017-04-27 19:59 - 02635336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-05-10 15:27 - 2017-04-27 19:59 - 00388000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2017-05-10 15:27 - 2017-04-27 19:59 - 00207264 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2017-05-10 15:27 - 2017-04-27 19:59 - 00027040 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe 2017-05-10 15:27 - 2017-04-27 19:58 - 01852776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2017-05-10 15:27 - 2017-04-27 19:58 - 00872472 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll 2017-05-10 15:27 - 2017-04-27 19:57 - 03116184 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2017-05-10 15:27 - 2017-04-27 19:56 - 07904784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2017-05-10 15:27 - 2017-04-27 19:55 - 21353200 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-05-10 15:27 - 2017-04-27 19:55 - 01325456 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-05-10 15:27 - 2017-04-27 19:53 - 00387928 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll 2017-05-10 15:27 - 2017-04-27 19:52 - 02957824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-05-10 15:27 - 2017-04-27 19:52 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2017-05-10 15:27 - 2017-04-27 19:52 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2017-05-10 15:27 - 2017-04-27 19:51 - 20505600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-05-10 15:27 - 2017-04-27 19:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-05-10 15:27 - 2017-04-27 19:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll 2017-05-10 15:27 - 2017-04-27 19:46 - 19335168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-05-10 15:27 - 2017-04-27 19:46 - 00329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll 2017-05-10 15:27 - 2017-04-27 19:46 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-05-10 15:27 - 2017-04-27 19:45 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-05-10 15:27 - 2017-04-27 19:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-05-10 15:27 - 2017-04-27 19:44 - 00266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-05-10 15:27 - 2017-04-27 19:42 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll 2017-05-10 15:27 - 2017-04-27 19:42 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-05-10 15:27 - 2017-04-27 19:42 - 00636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll 2017-05-10 15:27 - 2017-04-27 19:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe 2017-05-10 15:27 - 2017-04-27 19:41 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll 2017-05-10 15:27 - 2017-04-27 19:40 - 11870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-05-10 15:27 - 2017-04-27 19:40 - 06292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-05-10 15:27 - 2017-04-27 19:40 - 02008576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-05-10 15:27 - 2017-04-27 19:40 - 00799232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll 2017-05-10 15:27 - 2017-04-27 19:40 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe 2017-05-10 15:27 - 2017-04-27 19:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll 2017-05-10 15:27 - 2017-04-27 19:39 - 05225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2017-05-10 15:27 - 2017-04-27 19:39 - 03655680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-05-10 15:27 - 2017-04-27 19:39 - 02859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-05-10 15:27 - 2017-04-27 19:38 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-05-10 15:27 - 2017-04-27 19:38 - 01019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-05-10 15:27 - 2017-04-27 19:37 - 04559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2017-05-10 15:27 - 2017-04-27 19:37 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-05-10 15:27 - 2017-04-27 19:34 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2017-05-10 15:27 - 2017-04-27 19:33 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2017-05-10 15:27 - 2017-04-27 19:26 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-05-10 15:27 - 2017-04-27 19:15 - 03672064 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-05-10 15:27 - 2017-04-27 19:15 - 01051648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2017-05-10 15:27 - 2017-04-27 19:14 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll 2017-05-10 15:27 - 2017-04-27 19:11 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-05-10 15:27 - 2017-04-27 19:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-05-10 15:27 - 2017-04-27 19:11 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll 2017-05-10 15:27 - 2017-04-27 19:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-05-10 15:27 - 2017-04-27 19:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-05-10 15:27 - 2017-04-27 19:08 - 00457728 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll 2017-05-10 15:27 - 2017-04-27 19:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll 2017-05-10 15:27 - 2017-04-27 19:08 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-05-10 15:27 - 2017-04-27 19:07 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-05-10 15:27 - 2017-04-27 19:06 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll 2017-05-10 15:27 - 2017-04-27 19:06 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2017-05-10 15:27 - 2017-04-27 19:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-05-10 15:27 - 2017-04-27 19:06 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-05-10 15:27 - 2017-04-27 19:05 - 01075712 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll 2017-05-10 15:27 - 2017-04-27 19:05 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-05-10 15:27 - 2017-04-27 19:04 - 23681024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-05-10 15:27 - 2017-04-27 19:04 - 01878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll 2017-05-10 15:27 - 2017-04-27 19:04 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll 2017-05-10 15:27 - 2017-04-27 19:04 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe 2017-05-10 15:27 - 2017-04-27 19:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2017-05-10 15:27 - 2017-04-27 19:03 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll 2017-05-10 15:27 - 2017-04-27 19:03 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll 2017-05-10 15:27 - 2017-04-27 19:03 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-05-10 15:27 - 2017-04-27 19:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll 2017-05-10 15:27 - 2017-04-27 19:02 - 01260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe 2017-05-10 15:27 - 2017-04-27 19:01 - 02077184 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-05-10 15:27 - 2017-04-27 19:01 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll 2017-05-10 15:27 - 2017-04-27 19:00 - 08244736 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-05-10 15:27 - 2017-04-27 18:59 - 04396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-05-10 15:27 - 2017-04-27 18:59 - 03307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-05-10 15:27 - 2017-04-27 18:59 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-05-10 15:27 - 2017-04-27 18:59 - 01293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2017-05-10 15:27 - 2017-04-27 18:59 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe 2017-05-10 15:27 - 2017-04-27 18:58 - 12787200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-05-10 15:27 - 2017-04-27 18:58 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll 2017-05-10 15:27 - 2017-04-27 18:57 - 05557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2017-05-10 15:27 - 2017-04-27 18:57 - 04730368 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-05-10 15:27 - 2017-04-27 18:57 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2017-05-10 15:27 - 2017-04-27 18:57 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-05-10 15:27 - 2017-04-27 18:54 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2017-05-10 15:27 - 2017-04-27 18:54 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe 2017-05-10 15:27 - 2017-04-27 18:54 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-05-10 15:27 - 2017-04-27 18:54 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-05-10 15:27 - 2017-04-27 18:52 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll 2017-05-07 14:58 - 2017-05-07 14:58 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Steam 2017-05-07 14:58 - 2017-05-07 14:58 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\FiraxisLive 2017-05-07 14:57 - 2017-05-07 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI 2017-05-07 14:27 - 2017-05-07 14:27 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\PowerISO 2017-05-07 14:25 - 2017-06-04 19:05 - 00000000 ____D C:\Program Files\PowerISO 2017-05-07 14:25 - 2017-05-07 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO 2017-05-07 14:25 - 2017-02-02 08:27 - 00137792 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys 2017-05-07 13:42 - 2017-06-03 12:33 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\qBittorrent 2017-05-07 13:42 - 2017-05-07 13:43 - 00000000 ____D C:\Users\Nmsha\AppData\Local\qBittorrent 2017-05-07 13:42 - 2017-05-07 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2017-05-07 13:42 - 2017-05-07 13:42 - 00000000 ____D C:\Program Files\qBittorrent 2017-05-07 13:39 - 2017-05-07 13:39 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2017-05-07 13:39 - 2017-05-07 13:39 - 00000000 ____D C:\Users\Nmsha\AppData\Local\MEGAsync 2017-05-07 13:39 - 2017-05-07 13:39 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Mega Limited 2017-05-06 16:27 - 2017-05-10 16:53 - 00000000 ____D C:\Users\Nmsha\AppData\Local\atom 2017-05-06 16:27 - 2017-05-06 16:29 - 00000000 ____D C:\Users\Nmsha\.atom 2017-05-06 16:27 - 2017-05-06 16:28 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Atom 2017-05-06 16:27 - 2017-05-06 16:27 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2017-05-06 16:24 - 2017-05-06 16:24 - 00000000 ____D C:\Users\Nmsha\VirtualBox VMs 2017-05-06 16:23 - 2017-05-07 00:02 - 00000000 ____D C:\Users\Nmsha\.VirtualBox 2017-05-06 16:02 - 2017-05-06 16:22 - 00000000 ____D C:\Users\Nmsha\AppData\Local\VMware 2017-05-06 16:01 - 2017-05-06 16:21 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\VMware 2017-05-06 15:57 - 2017-03-21 19:13 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2017-05-06 15:57 - 2017-03-21 19:13 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys 2017-05-06 15:54 - 2017-05-10 17:55 - 00000000 ____D C:\ProgramData\VMware 2017-05-06 15:54 - 2017-05-06 15:54 - 01211808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-05-06 15:54 - 2017-02-20 08:02 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2017-05-06 15:39 - 2017-05-06 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2017-05-06 15:38 - 2017-05-06 15:38 - 00000000 ____D C:\Program Files\7-Zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-05 21:19 - 2017-04-29 12:04 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-06-05 18:20 - 2017-04-29 22:41 - 00000000 ____D C:\Users\Nmsha\AppData\Local\CrashDumps 2017-06-05 18:13 - 2017-04-29 22:13 - 01499864 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-05 18:08 - 2017-04-29 22:18 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-05 18:08 - 2017-04-29 12:05 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-05 18:07 - 2017-03-18 15:51 - 00000000 ____D C:\Windows\CbsTemp 2017-06-05 18:07 - 2017-03-18 06:40 - 00524288 _____ C:\Windows\system32\config\BBI 2017-06-04 23:50 - 2017-04-29 22:23 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Razer 2017-06-04 23:50 - 2017-04-29 22:13 - 00000000 ____D C:\ProgramData\Razer 2017-06-04 23:50 - 2017-04-29 22:13 - 00000000 ____D C:\Program Files (x86)\Razer 2017-06-04 23:50 - 2017-03-18 16:01 - 00000000 ____D C:\Windows\INF 2017-06-04 22:27 - 2017-04-29 22:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-06-04 22:26 - 2017-04-29 22:40 - 00000000 ____D C:\Windows\system32\MRT 2017-06-04 22:26 - 2017-04-29 22:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-06-04 22:24 - 2017-04-29 22:40 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-04 19:06 - 2017-04-30 00:41 - 00000000 ____D C:\Windows\Minidump 2017-06-04 13:38 - 2017-04-29 12:04 - 00432152 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-03 23:36 - 2017-04-29 22:16 - 00000000 ____D C:\Users\Nmsha 2017-06-03 23:35 - 2017-04-30 11:30 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-03 13:54 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-06-03 13:46 - 2017-05-05 22:13 - 00002982 _____ C:\Windows\System32\Tasks\HWMonitor.exe_1058324233 2017-06-03 13:46 - 2017-05-04 12:19 - 00003738 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification 2017-06-03 13:46 - 2017-04-30 10:30 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-06-03 13:46 - 2017-04-30 00:23 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-06-03 13:46 - 2017-04-30 00:23 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-06-03 12:07 - 2017-04-30 00:30 - 00000000 ____D C:\Users\Nmsha\AppData\Local\Google 2017-06-03 12:07 - 2017-04-30 00:23 - 00000000 ____D C:\Program Files (x86)\Google 2017-06-03 11:54 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\AppReadiness 2017-06-02 09:19 - 2017-04-29 22:21 - 00000000 ____D C:\ProgramData\Package Cache 2017-06-02 09:05 - 2017-03-18 16:03 - 00000000 ___HD C:\Program Files\WindowsApps 2017-05-25 22:56 - 2017-04-30 11:24 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Twitch 2017-05-24 19:23 - 2017-04-30 11:24 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\.minecraft 2017-05-20 17:39 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\Cursors 2017-05-19 18:03 - 2017-03-23 17:40 - 01609232 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2017-05-19 18:03 - 2017-03-23 17:40 - 00226712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2017-05-19 17:47 - 2017-03-23 17:34 - 04136736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-05-19 17:47 - 2017-03-23 17:34 - 03647864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-05-19 14:22 - 2017-01-04 12:07 - 00045061 _____ C:\Windows\system32\nvinfo.pb 2017-05-12 22:53 - 2017-04-30 14:04 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake 2017-05-12 21:03 - 2017-04-30 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-05-12 21:02 - 2017-04-30 00:37 - 00000000 ____D C:\ProgramData\WinZip 2017-05-10 20:24 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\LiveKernelReports 2017-05-10 20:11 - 2017-04-30 10:30 - 00000000 ____D C:\Program Files\CCleaner 2017-05-10 19:55 - 2017-05-04 12:19 - 00000000 ____D C:\ProgramData\Intel 2017-05-10 19:55 - 2017-04-30 00:24 - 00000000 ____D C:\Program Files\Intel 2017-05-10 19:48 - 2017-04-29 22:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-05-10 19:46 - 2017-04-30 00:25 - 00000000 ____D C:\Windows\system32\RTCOM 2017-05-10 19:46 - 2017-04-30 00:24 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2017-05-10 19:46 - 2017-04-30 00:16 - 00891392 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys 2017-05-10 19:45 - 2017-05-04 12:17 - 03503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2017-05-10 19:45 - 2017-05-04 12:17 - 03203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2017-05-10 19:45 - 2017-05-04 12:17 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2017-05-10 19:45 - 2017-04-30 00:25 - 00000000 ____D C:\Windows\system32\DAX2 2017-05-10 19:45 - 2017-04-30 00:24 - 05545512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2017-05-10 19:45 - 2017-04-30 00:24 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2017-05-10 19:45 - 2017-04-29 22:22 - 00000000 ____D C:\Program Files\Common Files\Atheros 2017-05-10 19:45 - 2016-09-06 14:59 - 00204920 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys 2017-05-10 19:45 - 2016-06-26 02:57 - 00601448 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys 2017-05-10 19:18 - 2017-04-29 22:23 - 00000000 ____D C:\Program Files (x86)\EaseUS 2017-05-10 18:37 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\system32\NDF 2017-05-10 18:27 - 2017-05-03 17:50 - 00000000 ____D C:\Users\Nmsha\AppData\Local\ElevatedDiagnostics 2017-05-10 17:42 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\system32\appraiser 2017-05-10 17:42 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\ShellExperiences 2017-05-10 17:42 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-05-10 17:42 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-05-10 17:16 - 2017-04-29 22:17 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Adobe 2017-05-10 16:54 - 2017-04-30 11:09 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\NVIDIA 2017-05-10 16:53 - 2017-04-29 13:04 - 00000000 ____D C:\Windows\Panther 2017-05-10 15:45 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-05-10 15:45 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\system32\Macromed 2017-05-07 22:49 - 2017-04-30 11:33 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-05-07 22:35 - 2017-04-30 00:36 - 00000000 ____D C:\Users\Nmsha\AppData\Roaming\DAEMON Tools Pro 2017-05-07 22:20 - 2017-04-30 13:43 - 00000000 ____D C:\Windows\SysWOW64\directx 2017-05-06 16:28 - 2017-05-03 20:32 - 00000000 ____D C:\Users\Nmsha\AppData\Local\SquirrelTemp 2017-05-06 15:32 - 2017-04-29 22:17 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ___SD C:\Windows\SysWOW64\F12 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ___SD C:\Windows\system32\F12 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\SysWOW64\Dism 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\Provisioning 2017-05-06 15:30 - 2017-03-18 16:03 - 00000000 ____D C:\Windows\PolicyDefinitions 2017-05-06 15:30 - 2017-03-18 06:40 - 00000000 ____D C:\Windows\system32\Dism ==================== Files in the root of some directories ======= 2017-06-04 18:54 - 2017-06-04 18:54 - 0000000 _____ () C:\Users\Nmsha\AppData\Roaming\Apple 2017-04-30 11:06 - 2017-04-30 13:50 - 1065984 _____ () C:\Users\Nmsha\AppData\Local\file__0.localstorage 2017-04-29 22:40 - 2017-04-29 22:40 - 0000017 _____ () C:\Users\Nmsha\AppData\Local\resmon.resmoncfg 2017-04-30 00:25 - 2017-04-30 00:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Windows\TEMP\g67F5.tmp.exe Some files in TEMP: ==================== 2017-06-02 09:35 - 2017-01-18 04:50 - 0066472 _____ (Autodesk, Inc.) C:\Users\Nmsha\AppData\Local\Temp\AcDeltree.exe 2017-05-24 19:23 - 2017-05-24 19:23 - 0010520 _____ () C:\Users\Nmsha\AppData\Local\Temp\BullseyeCoverage-x86-3.dll 2017-06-03 11:51 - 2017-06-03 11:51 - 1819584 _____ () C:\Users\Nmsha\AppData\Local\Temp\component (1).exe 2017-06-02 09:29 - 2017-06-02 09:29 - 2398688 _____ (Flexera Software LLC) C:\Users\Nmsha\AppData\Local\Temp\FNP_ACT_InstallerCA.dll 2017-06-03 23:01 - 2017-06-03 23:01 - 0475136 _____ () C:\Users\Nmsha\AppData\Local\Temp\g961D.tmp.exe 2017-06-03 20:47 - 2017-06-03 20:47 - 9436672 _____ () C:\Users\Nmsha\AppData\Local\Temp\gA610.tmp.exe 2017-06-03 13:42 - 2017-06-03 13:42 - 0307200 _____ () C:\Users\Nmsha\AppData\Local\Temp\gEF9C.tmp.exe 2017-06-03 13:42 - 2017-06-03 13:42 - 0168960 _____ () C:\Users\Nmsha\AppData\Local\Temp\gEF9D.tmp.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 2230477 _____ () C:\Users\Nmsha\AppData\Local\Temp\isetup.exe 2017-05-25 21:04 - 2017-05-25 21:04 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Nmsha\AppData\Local\Temp\jansi-64-1665871519962764519.dll 2017-05-25 21:02 - 2017-05-25 21:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Nmsha\AppData\Local\Temp\jansi-64-2496651313770339415.dll 2017-06-03 11:51 - 2017-06-03 11:51 - 0143360 _____ () C:\Users\Nmsha\AppData\Local\Temp\load.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 2211803 _____ (Megamediads Inc. ) C:\Users\Nmsha\AppData\Local\Temp\player.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 1757357 _____ (www.click.com ) C:\Users\Nmsha\AppData\Local\Temp\setup (5).exe 2017-06-03 11:51 - 2017-06-03 11:51 - 0624640 _____ () C:\Users\Nmsha\AppData\Local\Temp\setup (6).exe 2017-05-12 19:52 - 2017-05-12 19:52 - 2211328 _____ () C:\Users\Nmsha\AppData\Local\Temp\setup.exe 2017-06-03 11:51 - 2017-06-03 11:51 - 2966480 _____ ( ) C:\Users\Nmsha\AppData\Local\Temp\Yeadesktop.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-02 09:50 ==================== End of FRST.txt ============================