Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by Michael (administrator) on DESKTOP-P2O0QIH (27-03-2017 12:15:43) Running from C:\Users\Michael\Downloads Loaded Profiles: Michael (Available Profiles: Michael) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe () C:\Users\Michael\AppData\Local\ntuserlitelist\dataup\dataup.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe (Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Users\Michael\AppData\Local\Temp\WS\realtek_amd64.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe (Mega Limited) C:\Users\Michael\AppData\Local\MEGAsync\MEGAsync.exe (Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe (Installer Technology) C:\Program Files (x86)\PCAccelerateP\PCAcceleratePro.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe () C:\Program Files (x86)\PCAccelerateP\RPCAcceleratePro.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-10-07] (Alienware) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795632 2016-02-02] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946600 2015-10-15] (Synaptics Incorporated) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1131008 2015-08-19] (Creative Technology Ltd) HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746232 2015-10-15] (Alienware Corp.) HKLM-x32\...\Run: [PCAcceleratePro] => C:\Program Files (x86)\PCAccelerateP\PCAcceleratePro.exe [7805264 2017-03-24] (Installer Technology) HKLM-x32\...\Run: [InstantSupport] => "C:\Program Files (x86)\InstantSupp\InstantSupport.exe" -startup HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\...\Run: [DAEMONSyncTray] => C:\Program Files (x86)\DAEMON Sync\DAEMONSyncTray.exe [5602136 2016-06-17] () HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\...\Run: [Zoom] => [X] HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\...\MountPoints2: {4c237ee5-1291-11e7-8951-9cb6d00d2ff8} - "E:\LaunchU3.exe" -a HKU\S-1-5-18\...\Run: [] => [X] ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michael\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-07-12] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-09-24] ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-19] ShortcutTarget: MEGAsync.lnk -> C:\Users\Michael\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-12-24] ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe () GroupPolicyUsers\S-1-5-21-1600140922-1065125585-2556647967-1001\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{13f353d0-a920-45ea-94a6-ca674eee3bac}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2d3fc61b-9092-4431-8b49-9d7759a60caa}: [DhcpNameServer] 209.18.47.61 209.18.47.62 ManualProxies: Internet Explorer: ================== HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE HKU\S-1-5-21-1600140922-1065125585-2556647967-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us SearchScopes: HKU\S-1-5-21-1600140922-1065125585-2556647967-1001 -> DefaultScope {88F7743F-A12F-4038-9984-C870DF09F502} URL = SearchScopes: HKU\S-1-5-21-1600140922-1065125585-2556647967-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032717-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms} SearchScopes: HKU\S-1-5-21-1600140922-1065125585-2556647967-1001 -> {88F7743F-A12F-4038-9984-C870DF09F502} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: ndavqvl7.default FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ndavqvl7.default [2017-03-27] FF NewTab: Mozilla\Firefox\Profiles\ndavqvl7.default -> about:home FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ndavqvl7.default -> Bing® FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ndavqvl7.default -> Bing® FF Homepage: Mozilla\Firefox\Profiles\ndavqvl7.default -> about:home FF Extension: (MEGA) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ndavqvl7.default\Extensions\firefox@mega.co.nz.xpi [2017-03-25] FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ndavqvl7.default\searchplugins\bing-lavasoft.xml [2017-03-26] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-1600140922-1065125585-2556647967-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Michael\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-09-08] (Zoom Video Communications, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "chrome://newtab/" CHR NewTab: Default -> Not-active:"chrome-extension://eiikolbbafmbldhmifkjbllpmhbiknho/newtab/newtab.html" CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2017-03-27] CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-19] CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-19] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-19] CHR Extension: (MEGA) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-25] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-19] CHR Extension: (Convert That PDF) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiikolbbafmbldhmifkjbllpmhbiknho [2017-03-26] CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-19] CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-19] CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25] CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-19] CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-26] CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-26] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation) S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [603256 2016-03-16] (Intel Corporation) R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed] R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133640 2016-03-16] (Creative Technology Ltd) S2 DAEMONSyncService; C:\Program Files (x86)\DAEMON Sync\DAEMONSyncService.exe [5560152 2016-06-17] (Disc Soft Ltd.) U2 Dataup; C:\Users\Michael\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation) R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-23] (Alienware) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-03-16] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC) S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation) R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-01-26] (Rivet Networks) R2 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [80208 2016-09-22] (Dell) R2 realtek_amd64; C:\Users\Michael\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-24] () [File not signed] <==== ATTENTION R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-09-24] (Impulse Point, LLC) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-10-15] (Synaptics Incorporated) S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S2 windowsmanagementservice; C:\Users\Michael\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.) R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1076008 2016-03-16] (Creative Technology Ltd) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation) R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2016-07-28] (Disc Soft Ltd) R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [36424 2015-07-13] () R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [33864 2015-07-13] () R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation) R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.) R3 kiox_ff_driver; C:\WINDOWS\system32\DRIVERS\kiox_ff_driver.sys [51304 2015-10-02] (Kionix, Inc.) R0 kxdiskprot; C:\WINDOWS\System32\DRIVERS\kxdiskprot.sys [40016 2015-09-18] (Kionix, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.) R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation) S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [163644 2016-12-23] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2015-10-15] (Synaptics Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S0 lbtoqd; System32\drivers\wqtjkhji.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-26 22:25 - 2017-03-26 22:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michael\Downloads\spybot-2.4 (2).exe 2017-03-26 22:04 - 2017-03-26 22:05 - 57131432 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-26 21:32 - 2017-03-26 21:32 - 00003818 _____ C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan 2017-03-26 21:32 - 2017-03-26 21:32 - 00003666 _____ C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan 2017-03-26 21:32 - 2017-03-26 21:32 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-26 21:32 - 2017-03-26 21:32 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-03-26 21:31 - 2017-03-26 21:32 - 00000000 ____D C:\Program Files (x86)\DriverRestore 2017-03-26 21:31 - 2017-03-26 21:31 - 00001142 _____ C:\Users\Public\Desktop\DriverRestore.lnk 2017-03-26 21:31 - 2017-03-26 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2017-03-26 21:31 - 2016-12-16 03:41 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS 2017-03-26 21:30 - 2017-03-26 21:30 - 01129376 _____ (Google Inc.) C:\Users\Michael\Downloads\ChromeSetup (2).exe 2017-03-26 21:30 - 2017-03-26 21:30 - 00003788 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade 2017-03-26 21:30 - 2017-03-26 21:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\InstantSupport 2017-03-26 21:30 - 2017-03-26 21:30 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashRpt 2017-03-26 21:30 - 2017-03-26 21:30 - 00000000 ____D C:\Users\Michael\AppData\Local\Chromium 2017-03-26 21:30 - 2017-03-26 21:30 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade 2017-03-26 21:29 - 2017-03-27 12:11 - 00000000 ____D C:\ProgramData\PCAcceleratePro 2017-03-26 21:29 - 2017-03-26 21:29 - 00001153 _____ C:\Users\Public\Desktop\Instant Support.lnk 2017-03-26 21:29 - 2017-03-26 21:29 - 00001140 _____ C:\Users\Public\Desktop\PCAcceleratePro.lnk 2017-03-26 21:29 - 2017-03-26 21:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PCAcceleratePro 2017-03-26 21:29 - 2017-03-26 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro 2017-03-26 21:29 - 2017-03-26 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstantSupport 2017-03-26 21:29 - 2017-03-26 21:29 - 00000000 ____D C:\Program Files (x86)\PCAccelerateP 2017-03-26 21:28 - 2017-03-26 21:29 - 00000000 ____D C:\Program Files (x86)\InstallPrepared 2017-03-26 21:28 - 2017-03-26 21:28 - 00000000 ____D C:\Users\Michael\AppData\Local\Lavasoft 2017-03-26 21:27 - 2017-03-26 21:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Lavasoft 2017-03-26 21:27 - 2017-03-26 21:27 - 00000000 ____D C:\ProgramData\Lavasoft 2017-03-26 21:27 - 2017-03-26 21:27 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2017-03-26 21:25 - 2017-03-26 21:26 - 01129840 _____ (Software Assistant) C:\Users\Michael\Downloads\Chrome Setup.exe 2017-03-26 21:23 - 2017-03-26 21:23 - 01129376 _____ (Google Inc.) C:\Users\Michael\Downloads\ChromeSetup (1).exe 2017-03-26 21:01 - 2017-03-26 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-03-26 21:00 - 2017-03-26 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe 2017-03-26 21:00 - 2017-03-26 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe 2017-03-26 20:14 - 2017-03-26 20:14 - 00881904 _____ (Plumbytes Software) C:\Users\Michael\Downloads\antimalwaresetup.exe 2017-03-26 19:08 - 2017-03-26 19:08 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe 2017-03-26 17:16 - 2017-03-26 17:16 - 01835472 _____ (GridinSoft LLC) C:\Users\Michael\Downloads\TrojanKiller-Setup.exe 2017-03-26 17:14 - 2017-03-26 17:22 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware 2017-03-26 17:13 - 2017-03-26 17:13 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michael\Downloads\spybot-2.4 (1).exe 2017-03-26 16:49 - 2017-03-26 16:49 - 00452412 _____ C:\WINDOWS\Minidump\032617-30218-01.dmp 2017-03-26 16:28 - 2017-03-26 16:28 - 00020494 _____ C:\WINDOWS\ntbtlog.txt 2017-03-26 16:05 - 2017-03-26 19:17 - 00050776 _____ C:\Users\Michael\Downloads\Addition.txt 2017-03-26 16:03 - 2017-03-27 12:15 - 00000000 ____D C:\FRST 2017-03-26 16:03 - 2017-03-26 16:03 - 02424832 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2017-03-26 16:03 - 2017-03-26 16:03 - 01766912 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe 2017-03-26 16:00 - 2017-03-26 16:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michael\Downloads\spybot-2.4.exe 2017-03-26 15:44 - 2017-03-26 15:45 - 00000360 _____ C:\Users\Michael\Desktop\stdout.txt 2017-03-26 15:44 - 2017-03-26 15:44 - 00023990 _____ C:\Users\Michael\Desktop\snes9x.conf 2017-03-26 15:44 - 2017-03-26 15:44 - 00000000 ____D C:\Users\Michael\Desktop\Cheats 2017-03-26 15:44 - 2017-03-26 15:44 - 00000000 _____ C:\Users\Michael\Desktop\stderr.txt 2017-03-26 15:37 - 2017-03-26 18:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-03-26 15:35 - 2017-03-26 15:35 - 00000000 ____D C:\WINDOWS\pss 2017-03-26 15:02 - 2017-03-26 14:53 - 57131432 _____ (Malwarebytes ) C:\Users\Michael\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-26 14:27 - 2017-03-27 12:16 - 00024512 _____ C:\Users\Michael\Downloads\FRST.txt 2017-03-26 14:25 - 2017-03-26 14:25 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.09.3.1001.exe 2017-03-26 14:22 - 2017-03-26 14:58 - 00000000 ____D C:\Users\Michael\AppData\Local\llssoft 2017-03-26 14:13 - 2017-03-26 16:49 - 00000000 ____D C:\WINDOWS\Minidump 2017-03-26 14:13 - 2017-03-26 14:13 - 00000000 _____ C:\WINDOWS\Minidump\032617-44890-01.dmp 2017-03-26 14:10 - 2017-03-26 14:15 - 00000420 _____ C:\WINDOWS\Tasks\Online Application Updater.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job 2017-03-26 14:10 - 2017-03-26 14:15 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian 2017-03-26 14:10 - 2017-03-26 14:10 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard 2017-03-26 14:10 - 2017-03-26 14:10 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian 2017-03-26 14:10 - 2017-03-26 14:10 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application 2017-03-26 14:10 - 2017-03-26 14:10 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard 2017-03-26 14:10 - 2017-03-26 14:10 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange 2017-03-26 14:10 - 2017-03-26 14:10 - 00003314 _____ C:\WINDOWS\System32\Tasks\Online Application Updater 2017-03-26 14:10 - 2017-03-26 14:10 - 00003294 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater 2017-03-26 14:10 - 2017-03-26 14:10 - 00003280 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian 2017-03-26 14:10 - 2017-03-26 14:10 - 00003274 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard 2017-03-26 14:10 - 2017-03-26 14:10 - 00003266 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian 2017-03-26 14:10 - 2017-03-26 14:10 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209 2017-03-26 14:10 - 2017-03-26 14:10 - 00003260 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard 2017-03-26 14:10 - 2017-03-26 14:10 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 2017-03-26 14:10 - 2017-03-26 14:10 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 2017-03-26 14:10 - 2017-03-26 14:10 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 2017-03-26 14:10 - 2017-03-26 14:10 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2 2017-03-26 14:10 - 2017-03-26 14:10 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 2017-03-26 14:10 - 2017-03-26 14:10 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 2017-03-26 14:10 - 2017-03-26 14:10 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 2017-03-26 14:10 - 2017-03-26 14:10 - 00000406 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job 2017-03-26 14:10 - 2017-03-26 14:10 - 00000000 ____D C:\Program Files (x86)\Microleaves 2017-03-26 14:09 - 2017-03-26 21:05 - 00000000 ____D C:\Users\Michael\AppData\Local\ntuserlitelist 2017-03-26 14:09 - 2017-03-26 15:43 - 00000000 ____D C:\Program Files (x86)\s5 2017-03-26 14:09 - 2017-03-26 14:10 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-03-26 14:09 - 2017-03-26 14:10 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-03-26 14:09 - 2017-03-26 14:09 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe 2017-03-26 14:09 - 2017-03-26 14:09 - 00076576 ____N C:\WINDOWS\system32\Drivers\ndistpr64.sys 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\c 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AGData 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\AppData\Local\microlabs 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\AppData\Local\AnonymizerLauncher 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\.proxycheck 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\Users\Michael\.AnonymizerLauncher 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget 2017-03-26 14:09 - 2017-03-26 14:09 - 00000000 ____D C:\ProgramData\1490562578 2017-03-26 14:08 - 2017-03-26 14:09 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget 2017-03-25 21:41 - 2017-03-25 21:42 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data (5).pdf 2017-03-25 17:21 - 2017-03-24 10:16 - 00000000 ____D C:\Users\Michael\Desktop\The Legend of Zelda - Breath of the Wild [FitGirl Repack] 2017-03-25 16:49 - 2017-03-25 17:14 - 1587268934 _____ C:\Users\Michael\Downloads\The Legend of Zelda - Breath of the Wild.zip 2017-03-25 13:56 - 2017-03-25 13:56 - 00000000 ___HD C:\ProgramData\CanonIJFAX 2017-03-25 13:56 - 2013-09-25 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALC2.DLL 2017-03-25 13:55 - 2017-03-25 13:55 - 00000000 ___HD C:\ProgramData\CanonBJ 2017-03-25 13:54 - 2013-09-12 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMC2.DLL 2017-03-25 13:40 - 2017-03-25 13:41 - 08086843 _____ C:\Users\Michael\Desktop\citra-qt-gcc-jit-sse3-15.exe 2017-03-25 13:40 - 2016-09-23 17:31 - 08070108 _____ C:\Users\Michael\Desktop\citra-qt-gcc-jit-sse3-15-no-gs-refactor.exe 2017-03-25 13:40 - 2016-07-03 21:50 - 00302592 _____ (The Qt Company Ltd) C:\Users\Michael\Desktop\Qt5OpenGL.dll 2017-03-25 13:40 - 2016-07-03 21:49 - 05701632 _____ (The Qt Company Ltd) C:\Users\Michael\Desktop\Qt5Widgets.dll 2017-03-25 13:40 - 2016-07-03 21:47 - 04789248 _____ (The Qt Company Ltd) C:\Users\Michael\Desktop\Qt5Gui.dll 2017-03-25 13:40 - 2016-07-03 21:45 - 05257728 _____ (The Qt Company Ltd) C:\Users\Michael\Desktop\Qt5Core.dll 2017-03-25 13:40 - 2016-01-01 15:59 - 01230336 _____ () C:\Users\Michael\Desktop\SDL2.dll 2017-03-25 13:40 - 2015-12-29 08:55 - 01428992 _____ C:\Users\Michael\Desktop\libstdc++-6.dll 2017-03-25 13:40 - 2015-12-29 08:55 - 00083456 _____ C:\Users\Michael\Desktop\libgcc_s_seh-1.dll 2017-03-25 13:32 - 2017-03-25 13:34 - 15261175 _____ C:\Users\Michael\Downloads\citra_20160924_cpu_jit.zip 2017-03-25 13:10 - 2017-03-25 13:14 - 00000000 ____D C:\Users\Michael\Desktop\3DS Emulator 2017-03-25 12:29 - 2017-03-25 13:27 - 00000000 ____D C:\Users\Michael\Downloads\0680 - Phoenix Wright - Ace Attorney - Dual Destinies (eShop) Decrypted 2017-03-25 12:29 - 2017-03-25 12:33 - 580575232 ____R C:\Users\Michael\Desktop\0680 - Phoenix Wright - Ace Attorney - Dual Destinies (eShop) Decrypted.3ds 2017-03-25 12:28 - 2017-03-25 12:28 - 00011826 _____ C:\Users\Michael\Downloads\0680 - Phoenix Wright - Ace Attorney - Dual Destinies (eShop) Decrypted.torrent 2017-03-25 12:24 - 2017-03-25 12:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Citra 2017-03-25 12:24 - 2016-01-27 07:11 - 00000000 ____D C:\Users\Michael\Desktop\platforms 2017-03-25 12:23 - 2017-03-25 12:24 - 11700372 _____ C:\Users\Michael\Downloads\citra-windows-msvc-20170325-eb8a7a9.zip 2017-03-25 11:56 - 2017-03-25 11:56 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data (4).pdf 2017-03-25 01:17 - 2017-03-25 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VickNet 2017-03-24 23:49 - 2017-03-24 23:49 - 00645729 _____ (WDS Team) C:\Users\Michael\Downloads\windirstat1_1_2_setup.exe 2017-03-24 23:49 - 2017-03-24 23:49 - 00001106 _____ C:\Users\Michael\Desktop\WinDirStat.lnk 2017-03-24 23:47 - 2017-03-25 00:14 - 00000000 ____D C:\Users\Michael\AppData\Local\MegaDownloader 2017-03-24 23:47 - 2017-03-24 23:47 - 02091598 _____ (AppsForMega.info ) C:\Users\Michael\Downloads\MegaDownloader_v1-7.exe 2017-03-24 23:47 - 2017-03-24 23:47 - 00000927 _____ C:\Users\Public\Desktop\MegaDownloader.lnk 2017-03-24 23:47 - 2017-03-24 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader 2017-03-24 23:47 - 2017-03-24 23:47 - 00000000 ____D C:\Program Files\MegaDownloader 2017-03-24 22:21 - 2017-03-24 22:21 - 00012654 _____ C:\Users\Michael\Downloads\Danganronpa.V3.Killing.Harmony.Pc.torrent 2017-03-22 22:57 - 1996-12-24 23:32 - 33554432 ____N C:\Users\Michael\Desktop\Legend of Zelda, The - Majora's Mask (USA).n64 2017-03-21 12:10 - 2017-03-21 12:10 - 00218517 _____ C:\Users\Michael\Downloads\Lab10-turnin.sagews.html 2017-03-21 11:26 - 2017-03-21 11:26 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data (3).pdf 2017-03-21 10:42 - 2017-03-21 10:42 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data (2).pdf 2017-03-21 08:32 - 2017-03-21 08:32 - 18658497 _____ C:\Users\Michael\Downloads\Chapter 3 2017-03-21 08:32 - 2017-03-21 08:32 - 13711258 _____ C:\Users\Michael\Downloads\Chapters 0 and 1 2017-03-21 08:32 - 2017-03-21 08:32 - 01074533 _____ C:\Users\Michael\Downloads\Chapter 2 2017-03-20 06:55 - 2017-03-20 06:55 - 00223373 _____ C:\Users\Michael\Documents\Transcript - Student Copy (Unofficial) 2.html 2017-03-19 19:23 - 2017-03-19 19:23 - 00318305 _____ C:\Users\Michael\Documents\Transcript - Student Copy (Unofficial).html 2017-03-19 19:23 - 2017-03-19 19:23 - 00000000 ____D C:\Users\Michael\Documents\Transcript - Student Copy (Unofficial)_files 2017-03-17 11:15 - 2017-03-17 11:15 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data (1).pdf 2017-03-17 11:15 - 2017-03-17 11:15 - 00174394 _____ C:\Users\Michael\Downloads\linear_approximations_to_surfaces_and_vector_fields (2).pdf 2017-03-14 21:30 - 2017-03-14 21:30 - 00179233 _____ C:\Users\Michael\Downloads\optimally_summarizing_data.pdf 2017-03-14 21:30 - 2017-03-14 21:30 - 00174394 _____ C:\Users\Michael\Downloads\linear_approximations_to_surfaces_and_vector_fields (1).pdf 2017-03-13 17:47 - 2017-03-13 17:47 - 00230901 _____ C:\Users\Michael\Downloads\Discrete_Logistic_Equation_and_Chaos (1).pdf 2017-03-13 17:47 - 2017-03-13 17:47 - 00116260 _____ C:\Users\Michael\Downloads\ODE_chaos_lab (3).pdf 2017-03-10 12:06 - 2017-03-10 12:06 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves (5).pdf 2017-03-10 12:05 - 2017-03-10 12:05 - 00174394 _____ C:\Users\Michael\Downloads\linear_approximations_to_surfaces_and_vector_fields.pdf 2017-03-09 23:14 - 2017-03-09 23:14 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves (4).pdf 2017-03-09 10:14 - 2017-03-09 10:14 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves (3).pdf 2017-03-08 22:00 - 2017-03-08 22:00 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves (2).pdf 2017-03-07 20:58 - 2017-03-07 20:58 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves (1).pdf 2017-03-07 13:14 - 2017-03-07 13:14 - 00431105 _____ C:\Users\Michael\Downloads\modeling_mangroves.pdf 2017-02-26 23:06 - 2017-02-26 23:06 - 00600526 _____ C:\Users\Michael\Downloads\Midterm-2-practice-problems-Solutions (4).pdf 2017-02-26 22:01 - 2017-02-26 22:01 - 00600526 _____ C:\Users\Michael\Downloads\Midterm-2-practice-problems-Solutions (3).pdf 2017-02-26 21:57 - 2017-02-26 21:57 - 00600526 _____ C:\Users\Michael\Downloads\Midterm-2-practice-problems-Solutions (2).pdf 2017-02-26 21:56 - 2017-02-26 21:56 - 00600526 _____ C:\Users\Michael\Downloads\Midterm-2-practice-problems-Solutions (1).pdf 2017-02-26 21:46 - 2017-02-26 21:46 - 00600526 _____ C:\Users\Michael\Downloads\Midterm-2-practice-problems-Solutions.pdf 2017-02-26 20:09 - 2017-02-26 20:09 - 00868778 _____ C:\Users\Michael\Downloads\dmv_LifeSCAN_8016_2-24-17.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-27 12:18 - 2016-07-19 13:58 - 00000000 ____D C:\Users\Michael\Documents\MEGAsync Downloads 2017-03-27 12:10 - 2016-07-19 13:27 - 00000000 ___RD C:\Users\Michael\OneDrive 2017-03-27 12:09 - 2016-08-22 19:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-03-27 12:09 - 2016-07-19 13:23 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles 2017-03-27 01:15 - 2016-08-22 19:13 - 00000000 ____D C:\Users\Michael 2017-03-26 23:16 - 2016-08-22 19:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-26 21:52 - 2016-07-19 19:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-26 21:33 - 2016-07-19 13:31 - 00000000 ____D C:\Program Files (x86)\Google 2017-03-26 21:30 - 2016-08-22 19:24 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-03-26 21:30 - 2016-08-22 19:24 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-03-26 21:24 - 2016-07-19 13:29 - 00987728 _____ (Google Inc.) C:\Users\Michael\Downloads\ChromeSetup.exe.akq95hp.partial 2017-03-26 19:01 - 2016-08-22 19:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-26 19:01 - 2016-08-22 19:09 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-26 19:01 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-03-26 17:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-26 17:18 - 2016-07-19 13:23 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2017-03-26 16:49 - 2016-07-25 20:51 - 751460541 _____ C:\WINDOWS\MEMORY.DMP 2017-03-26 15:54 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-03-26 15:44 - 2016-11-16 22:14 - 00000000 ____D C:\Users\Michael\Desktop\Saves 2017-03-26 14:24 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-26 14:11 - 2016-11-23 23:33 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microleaves 2017-03-26 14:06 - 2016-12-25 13:47 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\uTorrent 2017-03-26 14:03 - 2016-11-25 22:40 - 00000000 ____D C:\Users\Michael\AppData\Local\2K Games 2017-03-26 13:14 - 2016-07-22 21:14 - 00000000 ____D C:\Games 2017-03-26 12:28 - 2016-07-12 03:30 - 00000000 ____D C:\Program Files (x86)\Steam 2017-03-26 12:21 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF 2017-03-26 12:20 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-03-25 13:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2017-03-23 17:53 - 2017-01-02 21:29 - 00000000 ____D C:\Users\Michael\Desktop\Ps2 Isos 2017-03-21 11:35 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-03-21 11:34 - 2016-04-25 13:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-03-17 11:37 - 2016-04-25 13:04 - 01291416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-16 11:56 - 2016-07-19 19:03 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-03-16 11:54 - 2016-07-19 19:03 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-03-16 11:13 - 2017-02-06 00:16 - 00004556 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-03-16 11:13 - 2017-02-06 00:16 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-03-16 11:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-03-16 11:13 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-03-11 22:39 - 2016-07-12 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware 2017-03-11 22:39 - 2016-07-12 03:13 - 00000000 ____D C:\Program Files\Alienware 2017-03-09 22:17 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-03-09 22:17 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-03-03 23:59 - 2016-08-28 17:48 - 00000000 ____D C:\Program Files (x86)\Hyperdimension Neptunia Re Birth1 2017-03-03 23:58 - 2016-08-16 11:18 - 00000000 ____D C:\Program Files (x86)\Grand Theft Auto V 2017-03-03 23:30 - 2016-11-19 22:53 - 00000000 ____D C:\Users\Michael\Desktop\YandereSimulator_Data ==================== Files in the root of some directories ======= 2016-12-20 03:34 - 2003-04-08 20:28 - 0233472 ____R () C:\Users\Michael\AppData\Roaming\MafiaSetup.exe 2016-11-23 23:34 - 2016-11-23 23:34 - 0002560 _____ () C:\Users\Michael\AppData\Local\uninstallro.exe 2016-12-24 15:02 - 2016-12-24 15:02 - 0000016 _____ () C:\ProgramData\mntemp Some files in TEMP: ==================== 2016-12-20 03:46 - 2017-03-03 21:59 - 0043520 _____ () C:\Users\Michael\AppData\Local\Temp\CmdLineExt03.dll 2017-01-16 01:32 - 2017-01-16 01:32 - 0211064 _____ (383 Media, Inc.) C:\Users\Michael\AppData\Local\Temp\DRHelper_installFinish.exe 2017-01-16 01:32 - 2017-01-16 01:32 - 0211064 _____ (383 Media, Inc.) C:\Users\Michael\AppData\Local\Temp\DRHelper_installStart.exe 2016-08-30 18:53 - 2016-08-30 21:09 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Michael\AppData\Local\Temp\drm_dyndata_7400009.dll 2016-11-23 18:40 - 2016-11-23 18:40 - 6453608 _____ (Black Tree Gaming ) C:\Users\Michael\AppData\Local\Temp\Nexus Mod Manager-0.63.9.exe 2016-08-26 22:06 - 2017-03-03 21:59 - 0012305 _____ () C:\Users\Michael\AppData\Local\Temp\SIntf16.dll 2016-08-26 22:06 - 2017-03-03 21:59 - 0020020 _____ () C:\Users\Michael\AppData\Local\Temp\SIntf32.dll 2016-08-26 22:06 - 2017-03-03 21:59 - 0024744 _____ () C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll 2017-03-24 09:52 - 2017-03-24 09:52 - 3993432 _____ (MarvelStartup) C:\Users\Michael\AppData\Local\Temp\t17BHGvN-prog.exe 2017-03-24 09:52 - 2017-03-24 09:52 - 0140872 _____ () C:\Users\Michael\AppData\Local\Temp\t17BHGvN-upd.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-21 13:59 ==================== End of FRST.txt ============================