Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"regsvr32 the module failed to load" on startup after malware


  • This topic is locked This topic is locked

#1
jgaf

jgaf

    New Member

  • Member
  • Pip
  • 5 posts

Hello, 

 

Today I notice some weird activity on my PC, pop-ups related to possible malware regarding windows key corruption. Thus, I ran several malware removal software:

 

  • ADWCleaner
  • Malwarebytes
  • HitManPro

Several threats were identified and removed. One of the identified files was the dll which is failing to load (see image of error), I am guessing there are still some traces of it in my PC.

 

I would appreciate it if someone could help me remove any traces or remaining threats of my PC. I have attached the logs from FRST and a picture of the error I get on startup.

 

Thank you

Attached Thumbnails

  • Capture.PNG

Attached Files


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Please note: save the fix list to here--> E:\Users\juang\Downloads
Do not attach logs, post them directly into the reply box.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.


start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Appworks] => regsvr32.exe C:\Users\juang\AppData\Local\Appworks\WrapEventaudio.dll <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {13A88B5D-6640-4FFB-BFCD-F2CCF0AE5708} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {3D81B5AD-91AD-4F2C-BCEE-D5162AF06546} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6DE57878-F21F-4295-B747-74D2514390A0} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A1E7C9AA-DC3E-4B01-A3C0-34BA6DF44DB0} - \{A314B3CC-41FC-49CB-8743-00A0FA60E725} -> No File <==== ATTENTION
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to E:\Users\juang\Downloads (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log in E:\Users\juang\Downloads (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#3
jgaf

jgaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you for the quick reply. I ran the fix and rebooted PC. I am still getting an error at startup, but it is just one. Before I was getting the same error twice, only one pops up. 

 

 

EDIT:

 

Sorry just noticed that the directory for the dll on the other error is slightly different, added new picture. I thought they were the same.

Attached Thumbnails

  • Capture2.PNG

Attached Files


Edited by jgaf, 12 January 2017 - 07:17 PM.

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,

I am still getting an error at startup


Whats the error say?


Do not attach the logs, copy and paste then directly into the reply box.


Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#5
jgaf

jgaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

I edited my earlier post it seems I was getting 2 errors for the same file on different locations. The fix worked for the error on my first post. See picture on 3rd post. Thank you and sorry for the inconvenience. 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by juang (12-01-2017 20:05:00) Run:1
Running from E:\Users\juang\Downloads
Loaded Profiles: juang (Available Profiles: juang)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Appworks] => regsvr32.exe C:\Users\juang\AppData\Local\Appworks\WrapEventaudio.dll <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {13A88B5D-6640-4FFB-BFCD-F2CCF0AE5708} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {3D81B5AD-91AD-4F2C-BCEE-D5162AF06546} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6DE57878-F21F-4295-B747-74D2514390A0} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A1E7C9AA-DC3E-4B01-A3C0-34BA6DF44DB0} - \{A314B3CC-41FC-49CB-8743-00A0FA60E725} -> No File <==== ATTENTION
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Appworks => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A88B5D-6640-4FFB-BFCD-F2CCF0AE5708} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A88B5D-6640-4FFB-BFCD-F2CCF0AE5708} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D81B5AD-91AD-4F2C-BCEE-D5162AF06546} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D81B5AD-91AD-4F2C-BCEE-D5162AF06546} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DE57878-F21F-4295-B747-74D2514390A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DE57878-F21F-4295-B747-74D2514390A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1E7C9AA-DC3E-4B01-A3C0-34BA6DF44DB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1E7C9AA-DC3E-4B01-A3C0-34BA6DF44DB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A314B3CC-41FC-49CB-8743-00A0FA60E725} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94381886 B
Java, Flash, Steam htmlcache => 377800006 B
Windows/system/drivers => 39552753 B
Edge => 774 B
Chrome => 149105195 B
Firefox => 12898333 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6570 B
NetworkService => 427015248 B
juang => 243068198 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:05:22 ====

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#7
jgaf

jgaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by juang (administrator) on DARTH-HELMET (12-01-2017 20:40:07)
Running from E:\Users\juang\Downloads
Loaded Profiles: juang (Available Profiles: juang)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dashlane, Inc.) C:\Users\juang\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\juang\AppData\Roaming\Dashlane\DashlanePlugin.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [DiscordPTB] => C:\ProgramData\SquirrelMachineInstalls\DiscordPTB.exe [48566968 2016-07-16] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-10-22] (Pulse Secure, LLC)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [48565944 2016-07-16] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RemoteView5 Tray] => C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe [2615704 2014-05-08] (Rsupport Co., Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1867856 2016-12-24] (Adobe Systems Inc.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Dashlane] => C:\Users\juang\AppData\Roaming\Dashlane\Dashlane.exe [478592 2017-01-05] (Dashlane, Inc.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [DashlanePlugin] => C:\Users\juang\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2017-01-05] ()
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Discord] => C:\Users\juang\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [883792 2016-12-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-16] ()
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4958912 2016-11-17] (Disc Soft Ltd)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1690248 2016-12-01] (BlueStack Systems, Inc.)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19318784 2016-12-20] ()
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Osbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\juang\AppData\Local\Ohics\WrapEventaudio.dll
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\Users\juang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2016-12-01]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7d27c6a0-64cc-4914-a982-9b39d4233cc6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1fc795c-58cb-4752-ad3b-9c646d709b7a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\juang\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-01-05] (Dashlane, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-04-26] (Adobe Systems Incorporated)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: kifb97uc.default
FF DefaultProfile: [email protected]
FF ProfilePath: C:\Users\juang\AppData\Roaming\Mozilla\Firefox\Profiles\kifb97uc.default [2017-01-12]
FF Extension: (Dashlane) - C:\Users\juang\AppData\Roaming\Mozilla\Firefox\Profiles\kifb97uc.default\Extensions\[email protected] [2016-08-28]
FF Extension: (CLSID_SearchSuggestionsService) - C:\Users\juang\AppData\Roaming\Mozilla\Firefox\Profiles\kifb97uc.default\Extensions\{8EB02297-69D1-BE33-389A-64C8FEA28B2E} [2017-01-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2017-01-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-463900854-2142852480-2626321906-1001: @citrixonline.com/appdetectorplugin -> C:\Users\juang\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-463900854-2142852480-2626321906-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\juang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Profile: C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default [2017-01-12]
CHR Extension: (Google Slides) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-24]
CHR Extension: (BetterTTV) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-24]
CHR Extension: (Google Docs) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-24]
CHR Extension: (Google Drive) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-24]
CHR Extension: (YouTube) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-24]
CHR Extension: (Google Cast) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-01-12]
CHR Extension: (Adblock Plus) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Ebates Cash Back) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-01-11]
CHR Extension: (Panda Poet) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf [2016-07-24]
CHR Extension: (Tampermonkey) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-19]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2016-08-31]
CHR Extension: (Dashlane) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-01-12]
CHR Extension: (Google Sheets) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-24]
CHR Extension: (Google Docs Offline) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-24]
CHR Extension: (Inoreader - RSS, News and Social Reader) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhglljfmpijadbpkalkclnhlncncdono [2016-07-24]
CHR Extension: (Cisco WebEx Extension) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-07-24]
CHR Extension: (Wikibuy) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-24]
CHR Extension: (Gmail) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\juang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1456136 2016-12-20] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-01] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-01] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1473216 2016-11-17] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [229648 2017-01-01] (EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [142632 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-10-22] (Pulse Secure, LLC)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-05] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [127272 2016-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-09] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-10-14] (Power Admin LLC)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-11-26] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 RemotePC Agent; C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe [813448 2014-05-07] (Rsupport Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-01] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-28] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [542672 2016-05-10] (Intel Corporation)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-02-22] (ELAN Microelectronic Corp.)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation)
S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2015-10-22] (Juniper Networks)
S4 jnprTdi_816_61491; C:\WINDOWS\system32\Drivers\jnprTdi_816_61491.sys [108344 2015-10-22] (Pulse Secure, LLC)
S3 jnprva; C:\WINDOWS\System32\drivers\jnprva.sys [30072 2015-10-22] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [42352 2010-07-15] (Juniper Networks, Inc.)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-05] (NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
S3 rssasnt; C:\Program Files (x86)\Samsung\Remote PC\rssas64.sys [18184 2013-08-22] (Rsupport Co.,Ltd)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 Serial; C:\WINDOWS\system32\DRIVERS\wdfserial.sys [80664 2015-03-06] (LG Electronics Inc.)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-14] ()
R1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [13344 2016-11-24] (Rsupport Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-02] (Wellbia.com Co., Ltd.)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 20:24 - 2017-01-12 20:24 - 00000829 _____ C:\Users\juang\Desktop\Europa Universalis IV Rights of Man.lnk
2017-01-12 18:43 - 2017-01-12 18:43 - 01273980 _____ C:\Users\juang\AppData\Local\ars.cache
2017-01-12 18:43 - 2017-01-12 18:43 - 01259673 _____ C:\Users\juang\AppData\Local\census.cache
2017-01-12 18:43 - 2017-01-12 18:43 - 00000010 _____ C:\Users\juang\AppData\Local\sponge.last.runtime.cache
2017-01-12 18:36 - 2017-01-12 18:36 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-01-12 18:36 - 2017-01-12 18:36 - 00000000 ____D C:\ProgramData\Trend Micro
2017-01-12 18:34 - 2017-01-12 18:34 - 02527376 _____ (Trend Micro Inc.) C:\Users\juang\Desktop\HousecallLauncher64.exe
2017-01-12 18:34 - 2017-01-12 18:34 - 00000036 _____ C:\Users\juang\AppData\Local\housecall.guid.cache
2017-01-12 18:34 - 2016-08-22 14:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-01-12 18:23 - 2017-01-12 18:23 - 1619695256 _____ C:\WINDOWS\MEMORY.DMP
2017-01-12 18:23 - 2017-01-12 18:23 - 00545660 _____ C:\WINDOWS\Minidump\011217-6562-01.dmp
2017-01-12 18:17 - 2017-01-12 20:40 - 00000000 ____D C:\FRST
2017-01-12 16:58 - 2017-01-12 16:58 - 00000554 _____ C:\Users\juang\Desktop\JRT.txt
2017-01-12 15:01 - 2017-01-12 15:47 - 00000000 ____D C:\EEK
2017-01-12 14:33 - 2017-01-12 14:33 - 00002328 _____ C:\WINDOWS\system32\.crusader
2017-01-12 14:31 - 2016-11-13 16:17 - 00453639 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170112-143118.backup
2017-01-12 14:28 - 2017-01-12 14:35 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-12 14:25 - 2017-01-12 14:28 - 11581544 _____ (SurfRight B.V.) C:\Users\juang\Desktop\hitmanpro_x64.exe
2017-01-12 14:24 - 2017-01-12 18:29 - 00000000 ____D C:\AdwCleaner
2017-01-12 14:23 - 2017-01-12 14:24 - 03988944 _____ C:\Users\juang\Desktop\adwcleaner_6.042.exe
2017-01-11 20:57 - 2017-01-11 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 13:18 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 13:18 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 13:18 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 13:18 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 13:17 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 13:17 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 13:17 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 13:17 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 13:17 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 13:17 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 13:17 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 13:17 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 13:17 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 13:17 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 13:17 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 13:17 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 13:17 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 13:17 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 13:17 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 13:17 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 13:17 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 13:17 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 13:17 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 13:17 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 13:17 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 13:17 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 13:17 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 13:17 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 13:17 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 13:17 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 13:17 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 13:17 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 13:17 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 13:17 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 13:17 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 13:17 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 13:17 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 13:17 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 13:17 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 13:17 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 13:17 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 13:17 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 13:17 - 2016-12-13 23:41 - 00362496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-01-11 13:17 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 13:17 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 13:17 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 13:17 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 13:17 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 13:17 - 2016-12-13 23:35 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-01-11 13:17 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 13:17 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 13:17 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 13:17 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 13:17 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 13:17 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 13:17 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 13:17 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 13:17 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 13:12 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 13:12 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 13:12 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 13:12 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 13:12 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 13:12 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 13:12 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 13:12 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 13:12 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 13:12 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 13:12 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 13:12 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 13:12 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 13:12 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 13:12 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 13:12 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 13:12 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 13:12 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 13:12 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 13:12 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 13:12 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 13:12 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 13:12 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 13:12 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 13:12 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 13:12 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 13:12 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 13:12 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 13:12 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 13:12 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 13:12 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 13:12 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 13:12 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 13:12 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 13:12 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 13:12 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 13:12 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 13:12 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 13:12 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 13:12 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 13:12 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 13:12 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 13:12 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 13:12 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 13:12 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 13:12 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 13:12 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 13:12 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 13:12 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 13:12 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 13:11 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 13:11 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 13:11 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 13:11 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 13:11 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 13:11 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 13:11 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 13:11 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 13:11 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 13:11 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 13:11 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 13:11 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 13:11 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 13:11 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 13:11 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 13:11 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 13:11 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 13:11 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 13:11 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 13:11 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 13:11 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 13:11 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 13:11 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 13:11 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 13:11 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 13:11 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 13:11 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 13:11 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 13:11 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 13:11 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 13:11 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 13:11 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 13:11 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 13:11 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 13:11 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 13:11 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 13:11 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 13:11 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 13:11 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 13:11 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 13:11 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 13:11 - 2016-12-13 23:42 - 00384000 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-01-11 13:11 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 13:11 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 13:11 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 13:11 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 13:11 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 13:11 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 13:11 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 13:11 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 13:11 - 2016-12-13 23:25 - 02795520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-11 13:11 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 13:11 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 13:11 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 13:11 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 13:11 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 13:11 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 13:11 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 13:10 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 13:10 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 13:10 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 16:41 - 2017-01-11 16:41 - 00000000 ____D C:\Users\juang\AppData\Roaming\Sid.Meiers.Civilization.VI.Deluxe.v1.0.0.56.Incl.5DLC
2017-01-09 23:34 - 2017-01-05 20:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-09 23:34 - 2017-01-05 20:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-09 23:34 - 2017-01-05 20:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-08 23:32 - 2017-01-08 23:32 - 00000000 ____D C:\Users\juang\AppData\LocalLow\AMPLITUDE Studios
2017-01-08 22:58 - 2017-01-08 22:58 - 00070357 _____ C:\Users\juang\Desktop\voucher_274594836.pdf
2017-01-06 23:55 - 2017-01-06 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-01-06 19:43 - 2017-01-06 19:43 - 00127807 _____ C:\Users\juang\Desktop\signed rebate form.pdf
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-04 18:16 - 2017-01-04 18:16 - 00000000 ____D C:\ProgramData\Steam
2017-01-04 14:31 - 2017-01-04 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-01-02 14:51 - 2017-01-09 22:26 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Mozilla
2017-01-02 10:50 - 2017-01-02 10:55 - 00000000 ____D C:\Users\juang\AppData\Roaming\7DaysToDie
2016-12-30 12:38 - 2016-12-30 12:38 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-28 16:51 - 2016-12-28 16:51 - 00000000 ____D C:\Users\juang\AppData\LocalLow\MURAInteractive
2016-12-26 19:16 - 2016-12-26 19:16 - 00002094 _____ C:\Users\Public\Desktop\Bloody6.lnk
2016-12-26 19:16 - 2016-12-26 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
2016-12-25 20:36 - 2016-12-25 20:36 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Fenix Fire Entertainment
2016-12-23 12:35 - 2016-12-23 12:35 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-23 12:35 - 2016-12-23 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft
2016-12-23 12:34 - 2016-12-23 12:36 - 00001031 _____ C:\Users\juang\Desktop\Shattered Skies.lnk
2016-12-23 12:34 - 2016-12-23 12:34 - 00000000 ____D C:\Users\juang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shattered Skies
2016-12-22 20:46 - 2016-12-22 20:46 - 11068975 _____ C:\Users\juang\Desktop\rprogramming.pdf
2016-12-22 20:32 - 2016-12-22 20:35 - 00000000 ____D C:\Rtools
2016-12-22 20:15 - 2016-12-22 20:16 - 00000000 ____D C:\Users\juang\test
2016-12-22 20:06 - 2016-12-22 20:47 - 00000261 _____ C:\Users\juang\.bash_history
2016-12-22 20:06 - 2016-12-22 20:06 - 00000053 _____ C:\Users\juang\.gitconfig
2016-12-22 19:53 - 2016-12-22 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2016-12-22 19:53 - 2016-12-22 19:53 - 00000000 ____D C:\ProgramData\Git
2016-12-22 19:49 - 2016-12-22 19:53 - 00000000 ____D C:\Program Files\Git
2016-12-21 17:19 - 2016-12-21 17:19 - 00000000 ____D C:\Users\juang\wekafiles
2016-12-21 17:19 - 2016-12-21 17:19 - 00000000 ____D C:\Users\juang\chemaxon
2016-12-21 17:17 - 2016-12-21 17:17 - 00000769 _____ C:\Users\Public\Desktop\KNIME Analytics Platform.lnk
2016-12-21 17:17 - 2016-12-21 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME
2016-12-21 17:13 - 2016-12-21 17:13 - 00000877 _____ C:\Users\juang\Desktop\HTTrack Website Copier.lnk
2016-12-21 17:13 - 2016-12-21 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2016-12-21 17:13 - 2016-12-21 17:13 - 00000000 ____D C:\Program Files\WinHTTrack
2016-12-19 17:29 - 2017-01-12 20:04 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-19 17:29 - 2016-12-19 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-19 12:26 - 2016-12-19 12:26 - 00001231 _____ C:\Users\Public\Desktop\Gephi.lnk
2016-12-19 12:26 - 2016-12-19 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gephi
2016-12-19 12:26 - 2016-12-19 12:26 - 00000000 ____D C:\Program Files (x86)\Gephi-0.9.1
2016-12-17 18:24 - 2016-12-17 18:24 - 00246233 _____ C:\Users\juang\Desktop\Topic_Modeling_of_Tweets_in_R_A_Tutorial.pdf
2016-12-16 17:25 - 2016-12-16 17:25 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:25 - 2016-12-16 17:25 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 15:26 - 2016-12-11 13:23 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-12-15 15:26 - 2016-09-09 13:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-12-15 15:26 - 2016-09-09 13:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-12-15 15:26 - 2016-09-09 13:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-12-15 15:26 - 2016-09-09 13:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-12-15 15:23 - 2016-12-11 22:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00617696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-12-15 15:23 - 2016-12-11 22:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-12-15 15:16 - 2017-01-09 23:34 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log
2016-12-15 15:16 - 2017-01-09 23:34 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 23:34 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 23:34 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 23:34 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 23:34 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 23:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-15 15:16 - 2017-01-09 22:46 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-15 15:16 - 2017-01-05 19:09 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2016-12-13 20:54 - 2016-12-13 20:54 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Clover.users
2016-12-13 20:54 - 2016-12-13 20:54 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Clover
2016-12-13 15:01 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 15:01 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 15:01 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 15:01 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 15:01 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 15:01 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 15:01 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 15:01 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 15:01 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 15:01 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 15:01 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 15:01 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 15:01 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 15:01 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 15:01 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 15:01 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 15:01 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 15:01 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 15:01 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 15:01 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 15:01 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 15:01 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 15:01 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 15:01 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 15:01 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 15:01 - 2016-12-09 04:17 - 04978176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-12-13 15:01 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 15:01 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 15:01 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 15:01 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 15:00 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 15:00 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 15:00 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 15:00 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 15:00 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 15:00 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 15:00 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 15:00 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 15:00 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 15:00 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 15:00 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 15:00 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 15:00 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 15:00 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 15:00 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 15:00 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 15:00 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 15:00 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 15:00 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 15:00 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 15:00 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 15:00 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 15:00 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 15:00 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 15:00 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 15:00 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 15:00 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 15:00 - 2016-12-09 04:45 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-12-13 15:00 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 15:00 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 15:00 - 2016-12-09 04:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-12-13 15:00 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 15:00 - 2016-12-09 04:40 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-12-13 15:00 - 2016-12-09 04:37 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-12-13 15:00 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 15:00 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 15:00 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 15:00 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 15:00 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 15:00 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 15:00 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 15:00 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 15:00 - 2016-12-09 04:24 - 06583296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-12-13 15:00 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 15:00 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 15:00 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 15:00 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 15:00 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 15:00 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 15:00 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 15:00 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 15:00 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 15:00 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 15:00 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 15:00 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 14:58 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 14:48 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 14:46 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 20:17 - 2016-09-23 02:46 - 00000000 ____D C:\Users\juang
2017-01-12 20:06 - 2016-12-08 08:08 - 00003468 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-01-12 20:06 - 2016-12-01 16:03 - 00000000 ____D C:\Users\juang\Documents\temp
2017-01-12 20:06 - 2016-12-01 15:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-12 20:06 - 2016-09-23 02:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-12 20:06 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 20:06 - 2016-02-12 09:25 - 00026192 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-01-12 20:06 - 2015-10-11 17:24 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-12 20:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-12 20:05 - 2016-07-16 01:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-12 20:05 - 2015-10-12 09:44 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Temp
2017-01-12 20:05 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-12 19:06 - 2016-11-27 13:15 - 00000000 ____D C:\Users\juang\AppData\Local\Argo
2017-01-12 19:02 - 2015-10-10 22:51 - 00000000 ____D C:\Users\juang\AppData\Roaming\qBittorrent
2017-01-12 18:23 - 2016-09-25 09:47 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-12 18:23 - 2016-09-23 02:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-12 15:08 - 2016-11-02 10:23 - 00096256 _____ C:\Users\juang\AppData\Local\WebpageIcons.db
2017-01-12 15:08 - 2015-10-11 10:57 - 00000000 ____D C:\Users\juang\AppData\Roaming\RStudio
2017-01-12 15:08 - 2015-10-11 10:57 - 00000000 ____D C:\Users\juang\AppData\Local\RStudio-Desktop
2017-01-12 15:06 - 2016-12-12 14:21 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-12 15:06 - 2016-12-12 14:21 - 00002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-12 15:02 - 2016-09-23 02:53 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 14:53 - 2016-01-25 10:40 - 00000000 ____D C:\Users\juang\AppData\Local\CrashDumps
2017-01-12 14:43 - 2016-01-19 13:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 14:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-12 14:35 - 2016-09-23 06:39 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-01-12 14:34 - 2016-01-29 15:44 - 00000000 ____D C:\Users\juang\AppData\Roaming\Dashlane
2017-01-12 14:29 - 2015-10-10 22:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-12 14:26 - 2015-12-23 16:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-12 14:00 - 2016-01-30 12:57 - 00000000 ___RD C:\Users\juang\Dropbox
2017-01-11 20:57 - 2015-10-10 21:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-11 20:40 - 2016-02-15 19:51 - 00000000 ____D C:\Users\juang\AppData\Roaming\discord
2017-01-11 17:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 16:42 - 2016-02-08 12:08 - 00000000 _____ C:\Users\juang\AppData\LocalLow\rightsCheck_1.txt
2017-01-11 15:54 - 2016-07-16 11:57 - 00002233 _____ C:\Users\juang\Desktop\Discord.lnk
2017-01-11 15:54 - 2016-07-16 11:57 - 00000000 ____D C:\Users\juang\AppData\Local\Discord
2017-01-11 15:54 - 2016-02-15 19:51 - 00000000 ____D C:\Users\juang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 15:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 13:51 - 2016-09-23 02:44 - 00389680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 13:51 - 2016-01-11 22:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 13:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 13:28 - 2015-10-10 23:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 13:25 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 13:25 - 2015-10-10 23:22 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 21:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 21:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 16:44 - 2016-02-18 12:07 - 00000000 ____D C:\Users\juang\AppData\Roaming\FiraxisLive
2017-01-10 15:24 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 15:22 - 2015-10-11 10:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-09 23:37 - 2016-09-23 02:46 - 01318480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-09 23:34 - 2016-12-01 15:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-09 23:34 - 2016-12-01 15:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-09 23:34 - 2016-01-25 16:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-09 23:11 - 2016-12-07 11:58 - 00000000 ____D C:\Users\juang\AppData\Local\Troubleshooter
2017-01-09 22:28 - 2015-10-21 12:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-09 14:41 - 2016-05-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 22:44 - 2016-01-08 16:35 - 00000000 ____D C:\Users\juang\Documents\Visual Studio 2015
2017-01-08 20:34 - 2016-05-22 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 11:55 - 2015-10-10 20:06 - 00000000 ____D C:\Users\juang\AppData\Local\Packages
2017-01-06 23:55 - 2015-10-10 20:06 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-06 19:45 - 2016-12-01 17:40 - 00336125 _____ C:\Users\juang\Desktop\rebate gpu.pdf
2017-01-05 20:10 - 2016-12-01 15:53 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-05 20:10 - 2016-12-01 15:53 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-05 20:10 - 2016-12-01 15:53 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-05 20:10 - 2016-12-01 15:53 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-05 20:10 - 2016-12-01 15:53 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-05 20:10 - 2016-12-01 15:51 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-05 19:04 - 2016-11-28 09:05 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:42 - 2016-12-01 15:52 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-04 18:16 - 2016-01-29 11:16 - 00000000 ____D C:\Users\juang\Documents\My Games
2017-01-04 14:31 - 2015-10-10 22:51 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-01-02 10:50 - 2016-08-07 20:19 - 00572664 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-01-01 14:33 - 2016-12-02 12:44 - 00229648 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-01-01 13:23 - 2016-11-27 18:27 - 00000000 ____D C:\Users\juang\Desktop\Awesome CV
2017-01-01 13:23 - 2016-11-14 19:52 - 00000000 ____D C:\Users\juang\AppData\Roaming\TeXstudio
2016-12-31 17:46 - 2015-10-13 20:47 - 00000000 ____D C:\Users\juang\AppData\Local\Arma 3
2016-12-31 17:46 - 2015-10-11 12:29 - 00000000 ____D C:\Users\juang\AppData\Local\Arma 3 Launcher
2016-12-31 15:54 - 2016-09-19 19:52 - 00000000 ____D C:\Users\juang\AppData\Roaming\Curse Client
2016-12-31 15:42 - 2016-06-13 12:45 - 00000000 ____D C:\Program Files (x86)\A3Launcher
2016-12-31 14:56 - 2016-06-13 12:46 - 00000000 ____D C:\Users\juang\Documents\mods
2016-12-30 12:38 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-30 12:38 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-30 12:38 - 2016-07-16 01:04 - 00000000 ____D C:\Program Files\Common Files
2016-12-30 12:37 - 2015-10-10 23:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-26 19:15 - 2016-07-11 22:37 - 00000000 ____D C:\Program Files (x86)\Bloody6
2016-12-23 12:35 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-23 12:35 - 2016-01-29 11:16 - 00000000 ____D C:\Users\juang\Documents\FreeReign
2016-12-23 12:34 - 2016-09-23 02:46 - 00000000 ___RD C:\Users\juang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-22 19:49 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files
2016-12-22 18:13 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 18:13 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 17:18 - 2016-02-02 13:25 - 00000000 ____D C:\Users\juang\.oracle_jre_usage
2016-12-19 18:11 - 2015-10-10 23:00 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-19 18:04 - 2015-12-29 16:16 - 00000000 ____D C:\Program Files\OBS
2016-12-19 18:03 - 2015-10-10 22:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-19 18:02 - 2016-02-09 18:05 - 00000000 ____D C:\Program Files\Rockstar Games
2016-12-19 18:01 - 2016-02-09 18:06 - 00000000 ____D C:\Users\juang\Documents\Rockstar Games
2016-12-19 18:01 - 2016-02-09 18:06 - 00000000 ____D C:\Users\juang\AppData\Local\Rockstar Games
2016-12-19 11:32 - 2016-02-12 09:33 - 00190397 _____ C:\WINDOWS\SysWOW64\bios.ini
2016-12-18 15:17 - 2016-02-10 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-12-16 17:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-15 15:26 - 2016-12-01 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-15 15:16 - 2016-12-01 15:54 - 00000000 ____D C:\Users\juang\AppData\Local\NVIDIA Corporation
2016-12-14 17:13 - 2016-07-24 12:58 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-13 23:13 - 2016-12-12 14:16 - 00000000 ____D C:\Program Files (x86)\Clover
2016-12-13 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-13 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-13 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-13 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-13 21:06 - 2015-10-10 22:41 - 00000000 ____D C:\Users\juang\AppData\Local\Battle.net
2016-12-13 21:06 - 2015-10-10 22:40 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-13 21:05 - 2016-11-29 11:25 - 00000000 ____D C:\Users\juang\AppData\LocalLow\Bohemia Interactive
2016-12-13 20:54 - 2016-12-12 14:17 - 00000000 ____D C:\Users\juang\AppData\Local\Clover
2016-12-13 16:31 - 2016-02-16 11:16 - 00000000 ____D C:\Users\juang\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories =======

2015-10-10 23:33 - 2015-10-10 23:33 - 0000330 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
2015-11-07 21:58 - 2016-11-27 13:14 - 0000290 _____ () C:\Users\juang\AppData\Roaming\BreakingPoint_Login.ini
2015-11-07 21:58 - 2016-11-27 13:14 - 0001428 _____ () C:\Users\juang\AppData\Roaming\BreakingPoint_Options.ini
2015-10-22 15:30 - 2015-10-25 17:43 - 0001248 _____ () C:\Users\juang\AppData\Roaming\evmanage.prf
2015-10-11 15:12 - 2016-01-05 21:13 - 0004049 _____ () C:\Users\juang\AppData\Roaming\evpro32.prf
2017-01-12 18:43 - 2017-01-12 18:43 - 1273980 _____ () C:\Users\juang\AppData\Local\ars.cache
2017-01-12 18:43 - 2017-01-12 18:43 - 1259673 _____ () C:\Users\juang\AppData\Local\census.cache
2017-01-12 18:34 - 2017-01-12 18:34 - 0000036 _____ () C:\Users\juang\AppData\Local\housecall.guid.cache
2017-01-12 18:43 - 2017-01-12 18:43 - 0000010 _____ () C:\Users\juang\AppData\Local\sponge.last.runtime.cache
2016-12-07 11:53 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\juang\AppData\Local\TroubleshooterConfig.json
2016-11-02 10:23 - 2017-01-12 15:08 - 0096256 _____ () C:\Users\juang\AppData\Local\WebpageIcons.db
2016-09-23 02:45 - 2016-09-23 02:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 15:16 - 2017-01-09 23:34 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 15:16 - 2017-01-09 22:46 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 12:53

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by juang (12-01-2017 20:40:38)
Running from E:\Users\juang\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-23 07:54:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-463900854-2142852480-2626321906-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-463900854-2142852480-2626321906-503 - Limited - Disabled)
Guest (S-1-5-21-463900854-2142852480-2626321906-501 - Limited - Disabled)
juang (S-1-5-21-463900854-2142852480-2626321906-1001 - Administrator - Enabled) => C:\Users\juang

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B16.0307.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B16.0307.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30279 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version:  - ALLPlayer Group, Ltd.)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 1.00.1606.0301 - GIGABYTE)
APP Center (x32 Version: 1.00.1606.0301 - GIGABYTE) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bloody6 (HKLM-x32\...\Bloody3) (Version: 16.12.0013 - Bloody)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.7302 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.16.1020.1 - GIGABYTE)
calibre 64bit (HKLM\...\{872CC218-5C6E-4598-B9C1-3B72BDB2BE44}) (Version: 2.40.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0220 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Dashlane) (Version: 4.6.6.23032 - Dashlane SAS)
Discord (HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DubWars (HKLM\...\Steam App 290000) (Version:  - MURA Interactive)
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.16.0614 - GIGABYTE)
EasyTuneEngineService (x32 Version: 1.16.0614 - GIGABYTE) Hidden
Empyrion - Galactic Survival (HKLM\...\Steam App 383120) (Version:  - Eleon Game Studios)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.7.1.10036 - Thomson Reuters)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Europa Universalis IV Rights of Man (HKLM-x32\...\Europa Universalis IV Rights of Man_is1) (Version:  - )
ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (WWN_youmay3) (HKLM-x32\...\{40942002-297d-4c43-971b-3f53d64a4a18}) (Version: 8.1.107.70421 - eInstruction)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Gephi 0.9.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
Git version 2.11.0 (HKLM\...\Git_is1) (Version: 2.11.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
H-Hour: World's Elite (HKLM\...\Steam App 293220) (Version:  - SOF Studios Ltd)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
KNIME Analytics Platform (HKLM\...\{61835C86-6D51-497F-A6BD-F0B4A8F0014A}_is1) (Version: 3.3.1 - KNIME GmbH)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Osiris: New Dawn (HKLM\...\Steam App 402710) (Version:  - Fenix Fire Entertainment)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plex Media Server (HKLM-x32\...\{d685b3b4-91da-4364-9e7d-f365a614d42b}) (Version: 1.3.3.3148 - Plex, Inc.)
Plex Media Server (x32 Version: 1.3.3148 - Plex, Inc.) Hidden
PNY Drive Utility (HKLM-x32\...\{F7F0273F-68B7-44EA-AD7B-1C9F9C29C562}) (Version: 1.0.8 - PNY Technologies)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project Argo (Prototype) (HKLM\...\Steam App 530700) (Version:  - )
Pulse Secure (Version: 5.1.61491 - Pulse Secure, LLC) Hidden
Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
R for Windows 3.3.2 (HKLM\...\R for Windows 3.3.2_is1) (Version: 3.3.2 - R Core Team)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Remote PC Agent (HKLM-x32\...\{82730AAC-04BA-4684-A63F-286FB9847C15}) (Version: 5.00.000 - RSUPPORT)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24723 - Microsoft Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.44 - RStudio)
Rtools 3.4 (HKLM-x32\...\Rtools_is1) (Version:  - The R Foundation)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shattered Skies version 1.0 (HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\{F0B60558-163B-4E90-833B-4C77E6FE0F14}}_is1) (Version: 1.0 - Free Reign Entertainment)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smart Backup B16.0516.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0003 - GIGABYTE)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR Performance Test (HKLM\...\Steam App 323910) (Version:  - Valve)
Stopping Plex (x32 Version: 1.3.3148 - Plex, Inc.) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TeXstudio 2.11.2 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.2 - Benito van der Zander)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
TypeScript Power Tool (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
UCINET 6.624 (HKLM-x32\...\UCINET) (Version: 6.624 - Analytic Technologies)
Unity Web Player (HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Package - Acronis (tib_mounter) AcronisDevices  (07/17/2015 4.3.0.2230) (HKLM\...\9FBC4712AB557BB7B6EA69DAB21AB317ADF9A8C7) (Version: 07/17/2015 4.3.0.2230 - Acronis)
Windows Driver Package - AMD (amdkmpfd) System  (02/12/2015 15.20.0.0000) (HKLM\...\708AE871DE4DE98C022B914117B48025341D07B8) (Version: 02/12/2015 15.20.0.0000 - AMD)
Windows Driver Package - AMD (amdkmpfd) System  (08/10/2015 15.201.0.0000) (HKLM\...\77418A2019FA69F93B068CA252F72AE8FCA06AFC) (Version: 08/10/2015 15.201.0.0000 - AMD)
Windows Driver Package - ASMedia Technology Inc (asmthub3) USB  (01/21/2016 1.16.32.1) (HKLM\...\FCAC9D7FA3D915474FBD2FAF94326F3B6B7C4923) (Version: 01/21/2016 1.16.32.1 - ASMedia Technology Inc)
Windows Driver Package - ASMedia Technology Inc (asmtxhci) USB  (01/21/2016 1.16.32.1) (HKLM\...\F5C39A0924FCED66AFE36466D3621FB889A76A84) (Version: 01/21/2016 1.16.32.1 - ASMedia Technology Inc)
Windows Driver Package - ASMedia Technology Inc (asmtxhci) USB  (04/11/2016 1.16.35.1) (HKLM\...\0F7766D72740CB9EB4224712F01741B1D4A6773E) (Version: 04/11/2016 1.16.35.1 - ASMedia Technology Inc)
Windows Driver Package - ASMedia Technology Inc (asmtxhci) USB  (10/12/2015 1.16.29.1) (HKLM\...\DD455218111001C2BFFE8040C7142756001BA93E) (Version: 10/12/2015 1.16.29.1 - ASMedia Technology Inc)
Windows Driver Package - Compal Electronics, INC. (RadioSwitchHid) HIDClass  (11/25/2014 1.0.0.5) (HKLM\...\41439C53BF81572B2E179478239AB8D71353CD8C) (Version: 11/25/2014 1.0.0.5 - Compal Electronics, INC.)
Windows Driver Package - Cypress Semiconductor, Inc (cykbfltrService) Keyboard  (06/24/2015 2.5.1.72) (HKLM\...\1ECD12B803C107D8EDB315C6205B99B9E2265F43) (Version: 06/24/2015 2.5.1.72 - Cypress Semiconductor, Inc)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (08/06/2015 15.1.2.5) (HKLM\...\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (09/07/2015 15.1.8.5) (HKLM\...\8C51EBB00CD5442CFBF99198B944C9B53C9B6854) (Version: 09/07/2015 15.1.8.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (12/14/2015 15.1.2.8) (HKLM\...\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Intel (e1dexpress) Net  (01/14/2016 12.13.17.7) (HKLM\...\FC13404ED3476E5F3BCDD6C3AE7D652D7154BD70) (Version: 01/14/2016 12.13.17.7 - Intel)
Windows Driver Package - Intel (e1dexpress) Net  (01/27/2016 12.15.22.6) (HKLM\...\CB3A14852D3535E16F952FC22F6004C37D9EA490) (Version: 01/27/2016 12.15.22.6 - Intel)
Windows Driver Package - Intel (e1dexpress) Net  (05/10/2016 12.15.23.1) (HKLM\...\12C81864814CE5B7114E3D50C680BB79DEC07802) (Version: 05/10/2016 12.15.23.1 - Intel)
Windows Driver Package - Intel (ICCWDT) System  (09/20/2015 11.0.0.1007) (HKLM\...\2C8BF84CDD1779C9F2F280CB9F57EDE2A692565B) (Version: 09/20/2015 11.0.0.1007 - Intel)
Windows Driver Package - Intel (MEIx64) System  (02/04/2016 11.0.0.1181) (HKLM\...\7A3C2BD57BAC29BAA270D69BD827E98DD34CA72A) (Version: 02/04/2016 11.0.0.1181 - Intel)
Windows Driver Package - Intel (MEIx64) System  (03/28/2016 11.0.5.1189) (HKLM\...\63CEF5543DBF9887E6220C5C2F7F85C2D4C726D5) (Version: 03/28/2016 11.0.5.1189 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/08/2015 11.0.0.1172) (HKLM\...\5C253A305A9B81390BDF72537C0C93D01AFD2AA8) (Version: 10/08/2015 11.0.0.1172 - Intel)
Windows Driver Package - Intel (MEIx64) System  (12/24/2015 11.0.0.1176) (HKLM\...\6DDEF21B3A2297AF0AEE820F8731F50C42034672) (Version: 12/24/2015 11.0.0.1176 - Intel)
Windows Driver Package - Intel (XtuAcpiDriver) System  (06/22/2015 5.0.0.0) (HKLM\...\DB384F9DF1EDFD290D030C2C87B6140BECEF2AEA) (Version: 06/22/2015 5.0.0.0 - Intel)
Windows Driver Package - Intel Corp (hswultpep) System  (01/30/2013 1.0.5.591) (HKLM\...\9D406FEE18ADC9C102B04926FB415C1F530F5C77) (Version: 01/30/2013 1.0.5.591 - Intel Corp)
Windows Driver Package - INTEL System  (01/26/2016 10.1.1.14) (HKLM\...\C44BD225CBCAD2883798C3BAA2BA69AE6F27EE20) (Version: 01/26/2016 10.1.1.14 - INTEL)
Windows Driver Package - INTEL System  (01/26/2016 10.1.1.14) (HKLM\...\DB95970A14816D2D55C7E96694DF7459F7563DB4) (Version: 01/26/2016 10.1.1.14 - INTEL)
Windows Driver Package - INTEL System  (04/04/2016 10.1.1.18) (HKLM\...\306BFD6134B0B3D67E9E99276E3DE1DDE6C9B0DC) (Version: 04/04/2016 10.1.1.18 - INTEL)
Windows Driver Package - INTEL System  (04/04/2016 10.1.1.18) (HKLM\...\5B82A7556BD9221502EDCB0506084EE4E680864D) (Version: 04/04/2016 10.1.1.18 - INTEL)
Windows Driver Package - INTEL System  (07/14/2015 10.1.1.10) (HKLM\...\5EBB49080F680217E3D3C2082DAEAC05F24F3336) (Version: 07/14/2015 10.1.1.10 - INTEL)
Windows Driver Package - INTEL System  (07/28/2015 10.1.2.9) (HKLM\...\E7526085DB3D12B98CEA02A3D47EBA891E636A4D) (Version: 07/28/2015 10.1.2.9 - INTEL)
Windows Driver Package - INTEL System  (10/28/2015 10.1.1.13) (HKLM\...\286B25D8E04717B7F70442D1A51158B1496662F7) (Version: 10/28/2015 10.1.1.13 - INTEL)
Windows Driver Package - INTEL System  (10/28/2015 10.1.1.13) (HKLM\...\F71B76DA4F5201E5B408B826C9425031B4CD7B3A) (Version: 10/28/2015 10.1.1.13 - INTEL)
Windows Driver Package - INTEL System  (10/28/2015 10.1.1.13) (HKLM\...\FDF4BFCC61347856F27D9DD5C8DE01340E2B45A9) (Version: 10/28/2015 10.1.1.13 - INTEL)
Windows Driver Package - INTEL System  (11/29/2015 10.1.1.13) (HKLM\...\EEC9E078808E05D1B0E3E6285CF081F14AB2952D) (Version: 11/29/2015 10.1.1.13 - INTEL)
Windows Driver Package - INTEL System  (12/16/2015 10.1.2.19) (HKLM\...\EB9115A82AA92A665975DDF2F1BE578588AC2391) (Version: 12/16/2015 10.1.2.19 - INTEL)
Windows Driver Package - Intel USB  (02/25/2013 9.3.0.1027) (HKLM\...\2593EA261EAA13AD91B7640B0C4AB7B2E5A2E23F) (Version: 02/25/2013 9.3.0.1027 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.3.0.1028) (HKLM\...\6AB557A44DB5C90C1F398266C338F5468520E2C0) (Version: 07/09/2013 9.3.0.1028 - Intel)
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA  (01/26/2016 8.20.00.865) (HKLM\...\A45C5D1A60F3E09131C155E4329FFFB33E6CE51F) (Version: 01/26/2016 8.20.00.865 - Intel(R) Corporation)
Windows Driver Package - Juniper Networks (JnprVaMgr) Net  (07/13/2010 5.1.3.8041) (HKLM\...\C072D009E927212B055F81FEF62D743F5D959D12) (Version: 07/13/2010 5.1.3.8041 - Juniper Networks)
Windows Driver Package - LG Electronics Inc. (AirModeBtn) HIDClass  (08/12/2015 1.0.1508.1201) (HKLM\...\488F076C8A3658890AFD8181D71BB3E02C79B505) (Version: 08/12/2015 1.0.1508.1201 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (Serial) Ports  (03/05/2015 6.3.9600.4) (HKLM\...\23D08292B2639E56E3531B935E22B475F6700AAA) (Version: 03/05/2015 6.3.9600.4 - LG Electronics Inc.)
Windows Driver Package - OEM (PegaRadioSwitch) HIDClass  (05/25/2015 15.56.17.593) (HKLM\...\B8F84F8C3D55C7204B7570FE49B25AD6329873DF) (Version: 05/25/2015 15.56.17.593 - OEM)
Windows Driver Package - Realtek (rt640x64) Net  (07/03/2015 10.002.0703.2015) (HKLM\...\CD45634117155F2D54182DE2298B01F55590D6CF) (Version: 07/03/2015 10.002.0703.2015 - Realtek)
Windows Driver Package - Realtek (rt640x64) Net  (07/23/2015 10.003.0723.2015) (HKLM\...\EBD6C9FFA0364C8EF8DBF5AF48CD49882F9794A7) (Version: 07/23/2015 10.003.0723.2015 - Realtek)
Windows Driver Package - Realtek (rt640x64) Net  (10/01/2015 10.006.1001.2015) (HKLM\...\8C869877E6B13D11BE068A1FF0AB655A587B57C7) (Version: 10/01/2015 10.006.1001.2015 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/02/2016 6.0.1.7738) (HKLM\...\EFF0145B6FDAE669B803C732D3F07968939B14C4) (Version: 02/02/2016 6.0.1.7738 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/16/2016 6.0.1.7743) (HKLM\...\EC3CF3D8604589667D20615AF3FF1D882A17971D) (Version: 02/16/2016 6.0.1.7743 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/14/2016 6.0.1.7848) (HKLM\...\A9F291B4FF61ADA07B8EECC94DF5B268D409A176) (Version: 06/14/2016 6.0.1.7848 - Realtek Semiconductor Corp.)
Windows Driver Package - Synaptics (SmbDrv) System  (09/26/2013 16.2.19.13) (HKLM\...\578049704DC09ADE759A1ADD481A4D2FD66E9A52) (Version: 09/26/2013 16.2.19.13 - Synaptics)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XTREME GAMING ENGINE (HKLM-x32\...\GIGABYTE XTREME GAMING ENGINE_is1) (Version: 1.1.8.1 - GIGABYTE Technology Co.,Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21F0615C-A8FD-4F87-B097-E6FB1BBE5965} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-05] (NVIDIA Corporation)
Task: {29E37172-3D8A-4CDB-AC46-F8DED0831BCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-24] (Google Inc.)
Task: {3B46D756-A9A3-4F47-AFD8-7E36B7CD2ACA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {43AA0EE0-B80A-419A-A047-E8447D7119EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-10] (Microsoft Corporation)
Task: {480DE7F5-7AE5-448C-94D7-0B2566573C1B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {5B3150B4-FA1A-4F8C-8E09-C378FBB7F567} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-24] (Google Inc.)
Task: {5CD569BA-FE8F-4B8D-9391-BB1B5C835CED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {7A364721-AA99-4595-BF02-492A9A713CEF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-05] (NVIDIA Corporation)
Task: {7B17E669-0831-4FB3-9E88-927013938D20} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {8A10201D-6E81-4FAE-BFE8-6401AECB503A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-05] (NVIDIA Corporation)
Task: {9E4750FE-F52F-49B0-A361-9BA82164B73D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {AC4ED370-BFE5-4381-A8DC-81E4291909F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {B5AFBCD6-AA10-4E47-BD0B-BAB485096B00} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {BDBF6A91-BB7E-470B-8936-17C67CB04163} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [2016-11-02] (GIGABYTE Technology Co.,Ltd.)
Task: {C0516482-96E5-4768-866A-C68B574A3302} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-05] (NVIDIA Corporation)
Task: {CFB278B9-F151-4619-958C-C9F6C4EC7073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-05] (NVIDIA Corporation)
Task: {FE0425A7-BB6D-4273-946E-C244C4D1B83E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-05] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 15:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-25 08:45 - 2015-06-25 08:45 - 00017920 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
2016-12-01 15:53 - 2017-01-05 20:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-01 15:53 - 2017-01-05 20:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-26 17:12 - 2016-11-26 17:12 - 00076152 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-12-01 15:52 - 2016-12-11 13:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 15:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 08:17 - 2016-09-23 08:17 - 00959168 _____ () C:\Users\juang\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-23 06:42 - 2016-09-23 06:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 13:12 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 13:11 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 13:11 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 13:11 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 13:11 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 13:11 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-03 09:21 - 2016-06-03 09:21 - 01850152 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2016-12-14 10:51 - 2016-12-14 10:52 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 10:51 - 2016-12-14 10:51 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 10:51 - 2016-12-14 10:52 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 10:51 - 2016-12-14 10:51 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-03 04:44 - 2017-01-05 08:37 - 00536960 _____ () C:\Users\juang\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-05-07 12:19 - 2016-12-09 18:33 - 08919752 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-12-14 17:13 - 2016-12-08 03:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 17:13 - 2016-12-08 03:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-15 13:53 - 2016-12-15 13:53 - 00083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-15 13:53 - 2016-12-15 13:53 - 00203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-10-10 22:38 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-10 22:38 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-10 22:38 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-10 23:01 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-02-17 00:47 - 2015-02-17 00:47 - 00105472 _____ () C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\ycc.dll
2016-12-01 15:53 - 2017-01-05 20:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-01 15:53 - 2017-01-05 20:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-01 15:53 - 2017-01-05 20:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-01-21 20:53 - 2014-01-21 20:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2015-02-16 09:47 - 2015-02-16 09:47 - 00105472 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 00344960 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 00441216 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 00471424 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 63168896 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 00292736 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 06328192 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 07643008 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 13834112 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 02285440 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.6.23032.dll
2017-01-05 08:37 - 2017-01-05 08:37 - 00335232 _____ () C:\Users\juang\AppData\Roaming\Dashlane\4.6.6.23032\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.6.23032.dll
2016-12-07 11:51 - 2016-12-01 08:49 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-12-01 15:53 - 2017-01-05 20:10 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-01 16:02 - 2016-08-18 20:26 - 00225792 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll
2016-12-01 16:02 - 2014-05-01 02:49 - 00025088 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\BSL430.dll
2016-12-01 15:53 - 2017-01-05 19:09 - 00527416 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-01 15:53 - 2017-01-05 19:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-01 15:53 - 2017-01-05 19:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-01 15:53 - 2017-01-05 19:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-01 15:53 - 2017-01-05 19:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-01 15:53 - 2017-01-05 19:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-01 15:53 - 2017-01-05 19:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-15 15:16 - 2017-01-05 19:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2015-07-10 22:37 - 2015-07-10 22:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-01-12 14:31 - 00454123 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

There are 15578 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-463900854-2142852480-2626321906-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "RemoteView5 Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PulseSecure"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "DiscordPTB"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "MySQL Notifier"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "DiscordPTB"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "ALLPlayer WiFi Remote"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Bloody2"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\StartupApproved\Run: => "TSMApplication"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{9A5C17C2-F77D-4BC4-86C4-85DAD2BAF5B0}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [TCP Query User{AC55509F-C27B-4AD4-BE01-7D149531DC20}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{8D8D5162-147F-4E4E-B6C5-3D5345770C34}] => C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe
FirewallRules: [{C92D6573-C512-4516-A5B9-90458B573AF0}] => C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
FirewallRules: [UDP Query User{9BF08ED2-3A4B-4195-914D-15B8FF393139}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [TCP Query User{2F7DF3AB-193B-4C22-8D4B-5FC92D94F675}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{3B125C1D-9CCB-44CA-ABD3-0590BE56F16E}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A59B1562-E5A6-4AA2-A8B1-A33E2F877837}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BE84C53A-2E57-47F2-BABE-081E593B63E9}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6FD53A18-3B9D-4265-9814-B5FE5ADCFCEF}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FAE2E4D4-CB14-4633-9BD6-E76CCFB6E8C2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F214DAC3-78B9-482B-ABC8-78AE792B636C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58990318-17C2-4C34-8B3D-36CF41D54EA0}] => LPort=3306
FirewallRules: [{4EEBC879-9DB9-4056-BC73-75B859AAEA96}] => LPort=3306
FirewallRules: [{AADC77F7-B097-43F1-80FF-3BFF8EAC64B6}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{4DACE87C-C68A-4689-9C85-B8A76A6D68BB}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0707581E-39A4-4188-BE35-D1213D15647C}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{CB0B47B7-8DFC-493B-96A9-D5ABCD81EB2F}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{1A0961CC-4064-4164-B441-0FD80D183ACC}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{8B3965D1-7B4C-429E-95A0-7267943F129D}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{519A8E91-753F-4D4C-A80B-68BEDC407F95}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{96E2020B-DCAA-469F-A58E-B0B796CE404C}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{4809DB31-720F-4A63-9EC8-A299F86B2181}] => %ProgramFiles%\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{2E80D891-C74C-4062-B4DF-F9601F622980}] => %ProgramFiles%\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [TCP Query User{AD4D8BF9-4239-4469-B0AC-E63745659F99}C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe] => C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [UDP Query User{8B58E315-6B6E-4BEA-B50F-7DE8195D07D0}C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe] => C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [{AB91A23D-CC6D-45FD-94FE-EAAD482B37F3}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96102BC2-C797-471A-B2FE-D3DDBFC67D73}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A02A8CB9-7A16-4298-8824-1A2E2D93B08A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D81BEE1-6CE0-48CF-B2FA-123242A85FBC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65C7BB48-851F-4AA7-B520-DF2FB6A04D65}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{30F88AD4-5E57-4505-8196-8ECBB38A09D0}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{92A7FF57-D745-4BBE-84F6-5F483A5CF8E2}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E110B69D-42C9-4E9C-8940-B481976A70EA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7DE3812C-12B0-474A-895C-19AC82C8DD9F}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5AE6BCD7-90F2-415C-8B33-CF1B3030DD98}C:\windows\system32\mmc.exe] => C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{070D502F-670F-41EB-9C59-5BC03771437C}C:\windows\system32\mmc.exe] => C:\windows\system32\mmc.exe
FirewallRules: [{22A31FDC-71B9-4E25-8531-697BDF309581}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DECA7F0E-0CB6-4C37-88DD-5F4FEE80CCBE}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{87EC753C-AFEF-41DF-BACB-EF7D0E580622}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A4DFEC1A-5C1C-40E4-8657-A546FA0AD92B}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6ED0936D-A279-4BA9-A872-D96DEF50F723}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F75C3C62-A7FB-40F1-966B-366BB0AF77A4}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BF4483DB-EF82-4FEF-BC45-18ED8782367D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AB8447CB-114A-420C-9C98-14D63F8D6877}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6CBAEE8E-163D-4282-A5D2-81A393BD2BD6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01092F82-5B34-40DD-8C09-AA54F4CD9887}] => E:\Games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{A5A10A9A-EE57-4715-9BFC-725B75026A40}] => E:\Games\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{D6664CFB-05D8-4296-9722-AA7314A236E0}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D4B235D-7BEF-4909-AF65-E7977CE3CC58}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{960B52C8-6C5C-46CF-A3B4-5E170AC34CF3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{56911942-5C03-4B3F-9C2C-99D08F0BAA9B}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{D9A6F0C8-8BC9-4A79-A0B3-4D7B3B4AAADF}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5D4E804A-ACEF-4307-9BEC-3CCD29FBFA7F}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{1DD88E2D-938D-4661-B908-C78BE23E5CBA}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{AD81741D-7376-4E7D-8C76-16026EF4045E}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{EF1F0278-43AF-4B67-BFC8-E559778DB000}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7BDFED00-2265-4165-9C38-BB0E3CE0C1A0}] => E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F49C54C6-64F8-4D15-A64C-948335E080C6}] => E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{142D34DA-7135-4C8B-9A75-9D639AB83226}] => E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{02F6B251-30ED-4949-9C2D-2967850EB060}] => E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CCBE1B5-844C-4790-98DC-D05A3984A600}] => E:\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{5AF551B4-B3CA-4FAA-9456-6F91A58E9E47}] => E:\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{EA8E7FBF-DABC-4DB7-9069-3CD4ED60D5C9}] => E:\Steam\steamapps\common\Project Argo (Prototype)\argobattleye.exe
FirewallRules: [{1B32EABD-E30E-4B00-A3BC-D3012C017D8B}] => E:\Steam\steamapps\common\Project Argo (Prototype)\argobattleye.exe
FirewallRules: [TCP Query User{6E12111B-2E92-4B09-8A54-2F45ACE4ACE5}E:\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => E:\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{9D41F860-2281-403B-B307-BD04AAE7BCBF}E:\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => E:\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{73B12ABE-6098-4325-B9A3-13ADD9AFA28F}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{896EC922-5B1F-4477-AE09-ED2D7A5CB88E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{84605415-B196-4AAD-938A-AFFBD8618C76}E:\users\juang\appdata\local\shatteredskies\launcher.exe] => E:\users\juang\appdata\local\shatteredskies\launcher.exe
FirewallRules: [UDP Query User{1D1969A6-9EBD-4803-B4FE-97C8D57C85CE}E:\users\juang\appdata\local\shatteredskies\launcher.exe] => E:\users\juang\appdata\local\shatteredskies\launcher.exe
FirewallRules: [TCP Query User{7DCA43BF-4034-4EB1-8C54-2FE8FF20F420}E:\users\juang\appdata\local\shatteredskies\launcher.exe.new.exe] => E:\users\juang\appdata\local\shatteredskies\launcher.exe.new.exe
FirewallRules: [UDP Query User{AC5D8097-9BE8-46E1-930D-023D438CEB27}E:\users\juang\appdata\local\shatteredskies\launcher.exe.new.exe] => E:\users\juang\appdata\local\shatteredskies\launcher.exe.new.exe
FirewallRules: [{DB4C2DEE-7726-4371-8FC8-7CBA11122F51}] => E:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe
FirewallRules: [{47A432D0-00EE-4DAD-9709-6A59C09F9E8D}] => E:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe
FirewallRules: [{8D701774-A645-463D-843A-72387CEDC316}] => E:\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{3A50758C-B8D4-4538-8FBE-CC481C982365}] => E:\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{13E9A154-C19D-4D20-8898-15CF91B26B4E}] => E:\Steam\steamapps\common\DubWars\DubWars.exe
FirewallRules: [{5B090E91-14F9-4E61-BC95-42AA4AB3EEDA}] => E:\Steam\steamapps\common\DubWars\DubWars.exe
FirewallRules: [TCP Query User{3EE17926-3BEB-445D-9C5A-C76ECAB8F189}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{066A2EB4-6776-4990-AE57-917CEE692A04}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{8C73EA28-1809-49B5-BB8E-1BB05C0CB204}] => E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{5FEECD5F-A8EB-43B0-9DBF-E3154B31E4B5}] => E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{E9409623-CC52-4372-A4B2-EE0041B39D68}] => E:\Steam\steamapps\common\H-Hour Worlds Elite\HHourGame\Binaries\Win64\HHourGame.exe
FirewallRules: [{B5C69635-9BF7-4314-A035-FFBC0536190C}] => E:\Steam\steamapps\common\H-Hour Worlds Elite\HHourGame\Binaries\Win64\HHourGame.exe
FirewallRules: [{BF850AE3-6DB6-4589-B996-D0F04D4512A4}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{268CF955-84C7-46A8-9584-D5CA2DC05316}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D6BA482D-6AC5-47CD-AA66-2A0EE8EE750F}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{1FA7B1A2-CC85-4B9C-B443-28B5AD60D75D}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{C83C72F8-F9F1-4555-B57C-E23744A868B1}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [TCP Query User{1C60FA6F-8DEB-4F34-8508-F3119D7DE298}E:\steam\steamapps\common\project argo (prototype)\argo.exe] => E:\steam\steamapps\common\project argo (prototype)\argo.exe
FirewallRules: [UDP Query User{E440A1E9-49C1-4389-A904-FEFFCAEF7E7C}E:\steam\steamapps\common\project argo (prototype)\argo.exe] => E:\steam\steamapps\common\project argo (prototype)\argo.exe
FirewallRules: [{A945334E-E49B-498B-AD23-04B15FB717A2}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-12-2016 11:52:27 Scheduled Checkpoint
06-01-2017 12:54:01 Scheduled Checkpoint
08-01-2017 22:57:30 Installed DirectX
12-01-2017 14:32:41 Checkpoint by HitmanPro
12-01-2017 14:33:36 Checkpoint by HitmanPro
12-01-2017 14:53:24 JRT Pre-Junkware Removal
12-01-2017 15:48:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDAV.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDAV.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll" on line 2.
The manifest file root element must be assembly.

Error: (01/12/2017 08:28:43 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (01/12/2017 08:06:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 08:06:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 08:06:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 08:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.

Error: (01/12/2017 08:05:34 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/12/2017 08:05:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 08:05:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2017 08:05:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EasyTune Engine service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2017 08:05:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/12/2017 08:05:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-01-12 18:41:38.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3F19.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:41:38.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET3F19.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:41:08.688
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET74CB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:41:08.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET74CB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:40:22.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET5B29.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:40:22.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET5B29.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:40:14.516
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET33E2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 18:40:14.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET33E2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 14:45:11.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET74CB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-12 14:45:11.960
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SET74CB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 18%
Total physical RAM: 32720.43 MB
Available physical RAM: 26629.63 MB
Total Virtual: 65488.43 MB
Available Virtual: 58546.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.64 GB) (Free:184.25 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:290.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F06B97AA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 43073AC7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Don't put logs in code boxes either, it's impossible to read them that way. Just copy an paste into the reply box.

This should fix the other error at start up

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Osbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\juang\AppData\Local\Ohics\WrapEventaudio.dll
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#9
jgaf

jgaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Error message gone. Thank you!

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by juang (12-01-2017 21:03:07) Run:2
Running from E:\Users\juang\Downloads
Loaded Profiles: juang (Available Profiles: juang)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\...\Run: [Osbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\juang\AppData\Local\Ohics\WrapEventaudio.dll
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-463900854-2142852480-2626321906-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Osbics => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5519506 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 108542 B
Edge => 0 B
Chrome => 383755783 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3286 B
NetworkService => 2628 B
juang => 327135 B
 
RecycleBin => 0 B
EmptyTemp: => 371.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:03:18 ====

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,

If there are no further issues, please remove all the tools we used, right click delete them and the log files as well and I'll close the topic.

Thanks
Joe :)
  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP