View Full Version : Dyre spambot ???
My computer keeps getting listed in the spamhaus cbl where they claim I have a dyre spambot. I am unable to send any emails as they are listed as suspected spam.. It is a nightmare that I have been unable to solve for several months... I have been ripped off by several anti virus companies who claimed they could remove the bot but didn't. I even had a so called expert from Telstra come out to my computer at great expense, ran malwarebytes in safe mode said he couldn't find a virus or spambot or anything else and promptly left... I am beyond desperate at this point.. I have followed the instructions and backed up my registry then ran the Farbar program as pasted below ... Please help if you are able as I don't want to have to throw the computer overboard (I live on a boat) ... Midge
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by PjSue (23-11-2016 13:34:41)
Running from C:\Users\PjSue\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-02 01:18:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-649218570-585308798-3976316672-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-649218570-585308798-3976316672-503 - Limited - Disabled)
Guest (S-1-5-21-649218570-585308798-3976316672-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-649218570-585308798-3976316672-1003 - Limited - Enabled)
PjSue (S-1-5-21-649218570-585308798-3976316672-1001 - Administrator - Enabled) => C:\Users\PjSue
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Vision Video Player v1.5.5a (HKLM-x32\...\3D Vision Video Player v1.5.5a) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.15.0.70 - Innovative Solutions)
Akamai NetSession Interface (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G75 Series_ENG (HKLM-x32\...\AsusScr_G75 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BurnAware Free 8.7 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.0.0 - Canon Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
CyberLink Holiday Pack Vol.6 for YouCam (HKLM-x32\...\InstallShield_{B17D6DAB-FA82-4e06-AB92-001D4F76869B}) (Version: Holiday Pack 6 for YouCam - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.2218.53 - CyberLink Corp.)
CyberLink YouCam 7 (HKLM-x32\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0824.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Dashlane) (Version: 4.6.3.20593 - Dashlane SAS)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Download App (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Download App) (Version: 1.6.6 - CBS Interactive)
DVDFab 9.2.2.8 (02/02/2016) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDFab Passkey 8.2.6.1 (15/02/2016) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.)
Elevated Installer (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Eyefi Mobi Desktop Transfer (HKLM-x32\...\{33CE49ED-5BD4-4921-AC59-29D46938693B}) (Version: 5.12.0.131 - Eye-Fi, Inc)
ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - )
ffdshow x64 v1.3.4531 [2014-06-28] (HKLM\...\ffdshow64_is1) (Version: 1.3.4531.0 - )
Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version: - )
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.27.822 - Digital Wave Ltd)
FUJIFILM MyFinePix Studio 1.2 (HKLM-x32\...\FinePix Genie_is1) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameFast (HKLM\...\GameFast_is1) (Version: 1.0.1.1 - ASUSTEK Computer Inc)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{CF0B9EF4-0584-3F6B-A7E1-4CEEF4169895}) (Version: 66.19.16506 - Google, Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Homestead SiteBuilder (HKLM-x32\...\Homestead SiteBuilder) (Version: - Homestead)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{1F9E5C64-165D-4679-BBB3-498D216D017B}) (Version: 3.3.7 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intuit SiteBuilder (HKLM-x32\...\Intuit SiteBuilder) (Version: - Intuit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
James Cameron's AVATAR(tm): THE GAME (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Leawo Blu-ray Player version 1.9.2.3 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.2.3 - leawo Software)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8206 - MyHeritage.com)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA 3D Vision PowerPack - Batman Arkham Asylum (HKLM-x32\...\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1) (Version: - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation)
NVIDIA Apollo 11 Demo (HKLM-x32\...\Apollo 11) (Version: 1.03 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Supersonic Sled demo (HKLM-x32\...\Supersonic Sled) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rotation Desktop for G Series (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Stardock ObjectDock (HKLM-x32\...\Stardock ObjectDock) (Version: 2.10 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR Performance Test (HKLM-x32\...\Steam App 323910) (Version: - Valve)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Telstra Broadband Assistant (HKLM-x32\...\Telstra-Telstra Broadband Assistant) (Version: 1.0.0.2 - Telstra Corporation Ltd.)
USB Game Controller (HKLM-x32\...\{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}) (Version: 2007.01.01 - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.522 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 5.5.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0349F974-C53F-42A0-B7C6-C1E051A1C2FA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-10-25] ()
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {0BC1C31D-DC09-45F3-91E9-43CE18684FE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0CDAD8D1-8A18-4751-B75B-EE7027F3A492} - System32\Tasks\SafeZone scheduled Autoupdate 1450422863 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {13392A0D-6B82-45EF-94B9-789390E87A92} - System32\Tasks\{07044654-8413-49E2-8B6D-1402C6941C46} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.64.102/en/go/help.faq.installer?LastError=1638
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FD31D27-985A-46D6-98D7-43A0A3C39E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {249F3049-92CC-47E0-A6B3-110B08539307} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {251AA5FE-24B3-4BDD-9AD6-389E8572B3B4} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-11-03] (Innovative Solutions)
Task: {282E6B04-CCAE-4DDA-984A-047BFDC19649} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-06-01] ()
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A6E172C-C11E-4B99-A42B-75B97AD0D207} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {2B4257EA-3171-4706-B156-CEDD1512D598} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {474DA740-EDDE-4F41-902D-BBC2681C5F2C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4D4C3CBA-549D-4A45-B171-64CA843874D9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {55FFF6C1-F500-404D-9B72-BB481BB67454} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-11-03] (Innovative Solutions GRUP SRL)
Task: {56BBE9CF-81A6-4840-91A7-AF777F37B745} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5728BAC6-102E-41E0-8AF0-DEAB03B6407B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-03-01] (ASUSTek Computer Inc.)
Task: {5D398BA0-899C-4310-9CAE-D04145AB1924} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {67B4A700-8DB6-4F7A-A19E-79832EBACFF7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71C56698-1FD8-4E39-8B91-CCFE3E4B306B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {71E74F7B-4DAB-4B33-A451-8AF6CE381AC3} - System32\Tasks\BOTREVOLT_STARTUP_TASK_918CB0F9_1EF8_4c60_8205_7AAB364CD162 => C:\Program Files\BotRevoltFree\botrevoltfree.exe
Task: {73F72A93-B159-43E4-9638-80219DF01253} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-11-03] (Innovative Solutions)
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CD159A2-BCE1-4408-A5F3-8C7DF78950C8} - System32\Tasks\{65B901F6-56BE-46D7-B4F3-9BCE1501DB53} => C:\Users\PjSue\Desktop\nzd_Avatar_TheGame_Demo.exe
Task: {7D97DAD3-EE2F-47D0-83C4-AF75DD94F46D} - System32\Tasks\{0C994082-99C5-4969-80AE-468CF40F2A79} => pcalua.exe -a "C:\Users\PjSue\Downloads\B2CAppSetup (3).exe" -d C:\Users\PjSue\Downloads
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85928573-E9BB-490D-9FE0-B7626B2D4877} - System32\Tasks\{828D3D50-C40D-44B2-B92E-F56F6FAFC76B} => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [2012-11-26] (ASUSTek Computer Inc.)
Task: {89CB7494-AF55-43F8-BA61-6392232A7C0C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E68BB19-988F-46D1-B003-17B1BF33BE0E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {921932E1-DDD1-4081-845A-C45B0689F6BF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {9658543B-3897-4261-928D-44D277252353} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {97A23270-CE9E-4C97-ABAA-8C76F867B1F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9FBAEDD8-F82F-4259-816F-BF14D9FCAFA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A47C0FA5-D486-468A-BD45-148563614A07} - System32\Tasks\{4551DD98-76AA-40DD-8AFD-65889EB62982} => pcalua.exe -a C:\Users\PjSue\Desktop\nzd_Avatar_TheGame_Demo.exe -d C:\Users\PjSue\Desktop
Task: {A69895A6-F111-4394-9EEF-D1F8C75724C7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29] ()
Task: {AA7EA33F-52CB-464C-8972-28616107121E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0A29273-911F-4069-9271-FF866DB5823C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {B5260A31-A79E-46E7-A2ED-E702C5DBAFBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B7B658EE-7BBF-41B8-8095-B577C8BCFEFA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {B869B06C-5B6A-44C9-BE86-86C55B1251A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B8D1A5A8-16E1-4270-8CB6-B0FAA07A1BBB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {BAC4B78D-A096-4B9D-839B-DD125C03EEBB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-12-11] ()
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D8257178-EDBA-4396-9BB9-BE9F32524455} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E517D877-30E5-47E3-9CBC-EF86392C8054} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F8B0EB7C-363A-403B-ABBA-F481CD8C150B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-16] (ASUS)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD102E3E-7234-41CF-88EA-4014D9FC2159} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {FE1ABE7E-7AF7-47B6-90DE-54D8AB3A2361} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FFA30135-7B45-4653-A214-4450BEF06CF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mijlebbfndhelmdpmllgcfadlkankhok\Quick Note.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mijlebbfndhelmdpmllgcfadlkankhok
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pixlr Touch Up.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=jklljiahjgoglchglekebfljnmbaleig
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Pj - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 21:42 - 2016-07-16 21:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-03 03:35 - 2016-10-03 03:35 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 09:53 - 2016-08-01 22:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-13 13:56 - 2011-09-14 23:48 - 00083240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2014-06-07 02:50 - 2011-03-28 06:23 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2016-02-23 08:21 - 2016-06-15 06:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-30 17:56 - 2016-06-15 06:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-23 08:21 - 2016-06-15 06:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-06-07 02:38 - 2012-02-22 05:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2016-03-29 06:32 - 2016-06-15 06:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-17 16:48 - 2016-06-15 06:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2010-07-15 09:11 - 2010-07-15 09:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2016-10-03 03:35 - 2016-10-03 03:35 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-02 11:30 - 2016-10-02 11:30 - 00959168 _____ () C:\Users\PjSue\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-03 03:35 - 2016-10-03 03:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 09:05 - 2016-11-02 20:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 09:06 - 2016-11-02 20:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-19 04:14 - 2016-11-19 04:15 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 04:14 - 2016-11-19 04:15 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 04:14 - 2016-11-19 04:15 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-08-19 07:35 - 2016-11-10 23:52 - 00536960 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-11-17 04:30 - 2016-11-17 04:32 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-17 04:30 - 2016-11-17 04:32 - 20433920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 07:06 - 2016-06-04 07:07 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-17 04:30 - 2016-11-17 04:32 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-17 04:30 - 2016-11-17 04:32 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-08-28 12:14 - 2016-08-28 12:16 - 00117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-11-15 09:21 - 2016-11-09 07:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 09:21 - 2016-11-09 07:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-18 04:17 - 2016-11-18 04:24 - 00743424 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2016-08-30 08:53 - 2016-08-30 08:53 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16112201\algo.dll
2016-08-30 08:53 - 2016-08-30 08:53 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-07-13 13:57 - 2011-08-26 14:57 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-10-25 11:36 - 2016-10-25 11:36 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-08-29 14:43 - 2016-08-24 16:53 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-08-29 14:43 - 2016-08-24 16:56 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-08-29 14:43 - 2016-08-24 16:56 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-08-29 14:43 - 2016-08-24 16:56 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-08-06 07:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-06 07:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-26 08:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-26 08:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-14 14:23 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2016-06-30 14:47 - 2016-11-03 11:52 - 00010792 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2014-06-07 02:38 - 2012-02-22 05:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-18 05:59 - 2014-03-18 05:59 - 00091544 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00346496 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00441216 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00471424 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 63181696 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00292736 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 06322048 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 07602560 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 13827456 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 02285440 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00334208 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.3.20593.dll
2016-11-18 04:17 - 2016-11-18 04:25 - 00013312 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2016-11-18 04:17 - 2016-11-18 04:25 - 00382464 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2016-11-18 04:17 - 2016-11-18 04:24 - 00079872 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 00992768 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 00641536 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 00107520 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 00210432 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 57798432 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 00152576 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 00702464 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:25 - 00153088 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 00081422 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 01111040 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:23 - 00411136 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:25 - 01530880 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:24 - 00163840 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 00126976 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 01155072 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 175901488 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\App.dll
2016-11-18 04:17 - 2016-11-18 04:24 - 27973398 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 01085440 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\iconv_osmeta.dll
2016-11-18 04:17 - 2016-11-18 04:21 - 00397312 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04803893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04803893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\PE_C_DEFAULTAPPPOOL\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^PjSue^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download App.lnk => C:\Windows\pss\Download App.lnk.Startup
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "YouCam Service7"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C41EF73F-4CD6-4437-A4E1-2D0B9F925019}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{36B34017-10D3-449E-9758-3EFDA041E43A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1DB8B516-B7F4-4DA0-B6D5-9B6D280B547A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{9ABFBFD0-FBBC-4871-8D37-EF68EE9369C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{3DE854EC-9AC6-4049-BFEB-8A24D58DD553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{04E6B6BD-5B92-4B2E-A111-919A98AD9F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [UDP Query User{4ECEBE5D-0939-4D3F-9FE4-7C0C836F7D2B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{50D54331-67FA-4094-A1D7-63173C73FC5B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2A1F263A-F14E-4A62-87ED-86FBA837268B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2B773058-ED51-4EEE-9175-217D150D3617}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [{31A1E63C-37AC-4E67-B183-37A5E88CC141}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{CBB164DC-520E-4F53-BFFC-41D49961EF08}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{DA0354C7-8D88-403C-A657-2196EC561C48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B89BFACC-3AFA-4E00-B217-D601E1A35654}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E282CCC-98FD-4F74-BE54-22001FCABB11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A3F98EF-042E-4F15-B711-14187BDEE32F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{D729690C-9B2E-455A-A7CE-458245F67A95}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{B707C4DC-B534-4369-8F6E-440CEB4985A4}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{155C7B04-F343-481E-BD30-4D42EF274F29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A2FE0B0-FE3B-4DB3-816D-3ACF4982D7B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E743D6EC-33B0-464C-8C71-623F5FC02C02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{01175038-361D-49C0-9D2F-D37559FF9A4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2495B37A-2C8C-4C02-8B1D-04B3F9E17EB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{494E815C-3193-4BB9-B2B2-BFF967915FDE}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe
FirewallRules: [{FAD8BF29-1269-43A2-BF09-EFE548E7A79D}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe
FirewallRules: [{30A5C969-7D46-4F94-AEB8-0DD422269E2B}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe
FirewallRules: [{BB89648D-FAE1-4DA5-9A68-E84D1393FCD7}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe
FirewallRules: [{AF68B1FC-FAA1-4ED6-9457-B5EAAB466D48}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{D0F74856-E901-4016-895D-7D4745DF8F73}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{4721A28D-EC0A-450C-81B3-F6906971B0BA}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{C38BA3C8-B419-4886-BEB3-383D389A18AF}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{96BFF1FD-4115-4B89-823F-15833891C524}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5382BC6E-9B76-4C89-957A-A347095411A7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{10BE39C3-D905-438E-B67D-2C2065986DB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3ABEC66-25F7-4848-997A-C244E6C4E6CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4CD2D970-DA7C-4E8D-88D5-D48B43109195}] => (Allow) C:\Program Files (x86)\Eye-Fi\EyeFiActivation.exe
FirewallRules: [{3E15FCC3-E18D-4BAF-B62C-D3149044B758}] => (Allow) C:\Program Files (x86)\Eye-Fi\EyeFiActivation.exe
FirewallRules: [{43EE8EF2-333F-4DB1-B68F-31EA853822FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0FFA543-D295-4908-9C24-8EF3DF458231}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{C3B4FD35-93A9-409C-A181-1B1DC36A9D3D}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [TCP Query User{9EB69385-6440-4B12-A4DB-9EFAFFBEEE4E}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [UDP Query User{D17FA033-F465-4E2E-B9F5-B1B559EE5E17}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [TCP Query User{53CC592B-5419-4836-9EF6-58A3A35E6DBF}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [{5103382C-D2A6-4A0E-92D3-AA21C9A9DA9E}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{0CF15B6E-362D-42E9-AF31-DA158CD5BB2A}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{E6FC5B34-293B-4373-9D59-7335DD018368}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{D24D1F4E-6195-4FEB-908F-A32E4CEC9AA9}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{991F3469-3D6C-48D4-80DD-175C12117F06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BEF5E7F9-A221-476A-A157-4A2123A2848D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{7105D83E-D1CE-4AC8-869F-EBA65969B57F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{277743C2-EBCA-4149-AFA1-708509A43C62}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F9AF2FD8-482D-4AC3-9513-B034957B1E2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A10357A8-7865-42B9-A4EA-3056C5D0F8A6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1E1EAB8F-D73F-439D-98AA-0131088A7E86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{871FB14F-4A51-42C4-A4AE-D966E6235101}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{26202750-7497-4E4D-B8AF-161595F22DD2}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{5BC1ACD0-A3C0-4C3E-8D01-7B2A34B829B2}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{8FE60985-F127-4020-8831-9D14D016E847}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{9C61811D-0D75-4CFC-8E61-C44487A11D72}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{8A271A3B-0E1F-46D1-8DFD-FA58E7083A5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{06A4F1F3-A24F-4355-893C-8159A3DF3EC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9B6BDE1-D1AC-422E-9A58-1EDA1C100B95}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{734DB897-2EBC-47ED-A4ED-F8EC4B057DD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{793E044F-C114-49F9-B10D-44A4C723DDA1}] => (Allow) C:\Users\PjSue\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{AAC028BB-2DC1-4414-8101-ADB650C1EE26}] => (Allow) C:\Users\PjSue\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{A576AC58-9D1C-4D3F-A198-14EB093D689D}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{309AE277-27DD-4550-B888-0D3307637D78}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D9E5D18F-71E4-4D75-8806-85281ED2421F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{EE5B9511-2EA7-4CB1-842D-1A20BCA979CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29468B25-B9C2-4AE1-B4F0-FFEFDD48F97F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44A94B10-F5D5-4969-99CA-8D975ABD3AA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F0ABFD6-5A61-4BBE-8AB1-2E5541F6A9B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1809A19-DB6A-41B5-B573-82224E54C529}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\MovieModule.exe
FirewallRules: [{16219ED4-30C3-41EA-A19A-72808ED33722}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
FirewallRules: [{6A5A0031-63EF-40FA-B6D5-6EBF77BF0DDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
FirewallRules: [{CBAE941D-3E81-459E-8F00-442C232FAF79}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe
FirewallRules: [{A63D13D2-6668-4807-B0F4-BF6D47697AF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe
FirewallRules: [{C133311E-7788-4DAA-85B6-A751223B174A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{F08F3B3F-506B-482C-92BF-14A517A2713D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{75445921-F43D-4C9F-BA92-9850B532672A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0F9948C9-95C0-471B-A0CA-9E1FB493D93B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{12B16596-73B6-4E60-B731-1DD065A9719C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D6FE0EBA-88A3-4C70-9983-045FA617FF33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}] => (Allow) LPort=1900
FirewallRules: [{5A91AC63-3975-4121-8662-306E9525B30E}] => (Allow) LPort=2869
FirewallRules: [{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{49868BF0-D3D6-4970-91EB-44579779DCDF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{7A97418A-E174-4B18-A490-D704C3CB3ADC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{94366B90-A943-4C73-B429-AD2070EA6575}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{2DBF4837-2596-4CBC-A83F-23A74D76E1CD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{F538A120-6245-4847-9A74-28153B9BACCB}] => (Allow) C:\Program Files (x86)\EyeFiReceiver.exe
FirewallRules: [{35925D60-1A08-4232-9D49-E03D55D01C1A}] => (Allow) C:\Program Files (x86)\EyeFiReceiver.exe
FirewallRules: [TCP Query User{DBFA4F0A-9701-4A2B-87C3-0B6AF3FDAA25}C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{B68E4E47-6D95-4CC9-913A-859A0BBB5143}C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{75843653-672A-42B0-ABFF-E08556314C1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
04-11-2016 18:19:17 Windows Update
09-11-2016 09:42:47 Windows Update
16-11-2016 17:49:13 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2016 10:53:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.447, time stamp: 0x5819bde0
Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57899873
Exception code: 0x80270233
Fault offset: 0x0000000000033c25
Faulting process id: 0x143c
Faulting application start time: 0x01d24523cce34b03
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Report Id: 68efb713-8bd8-42fb-96d9-b3b8a71826d8
Faulting package full name:
Faulting package-relative application ID:
Error: (11/23/2016 10:48:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: startup.exe, version: 0.0.0.0, time stamp: 0x4ac4893c
Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
Exception code: 0xc0000005
Fault offset: 0x000149d1
Faulting process id: 0x8d0
Faulting application start time: 0x01d245234121ea87
Faulting application path: C:\Users\PjSue\Desktop\VirusBotHelp\DE-Cleaner powered by Kaspersky\de_cleaner_kaspersky\startup.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll
Report Id: 7e462ec7-098d-449b-b824-b17b85df1645
Faulting package full name:
Faulting package-relative application ID:
Error: (11/23/2016 10:44:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
Error: (11/23/2016 10:25:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5760534f
Exception code: 0xc0000005
Fault offset: 0x0000000000010f73
Faulting process id: 0x1a40
Faulting application start time: 0x01d2451ffd69a647
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
Report Id: 896c3549-5dd4-4189-90df-b249b8e0791c
Faulting package full name:
Faulting package-relative application ID:
Error: (11/23/2016 09:18:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PJANDSUSIEQ)
Description: Activation of app Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2016 09:15:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PJANDSUSIEQ)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2016 07:00:36 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.
Error: (11/23/2016 06:17:42 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.
Error: (11/23/2016 06:17:42 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.
Error: (11/23/2016 06:17:42 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.
System errors:
=============
Error: (11/23/2016 10:51:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/23/2016 10:51:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/23/2016 10:51:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/23/2016 10:50:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (11/23/2016 10:50:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The blinksvc service depends on the BlinkRM service which failed to start because of the following error:
The system cannot find the file specified.
Error: (11/23/2016 10:50:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlinkRM service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/23/2016 10:49:18 AM) (Source: DCOM) (EventID: 10005) (User: PJANDSUSIEQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (11/23/2016 10:49:18 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
Error: (11/23/2016 10:49:18 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
Error: (11/23/2016 10:49:11 AM) (Source: DCOM) (EventID: 10005) (User: PJANDSUSIEQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
CodeIntegrity:
===================================
Date: 2016-11-23 12:04:52.090
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 12:04:52.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 12:04:52.082
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 12:04:52.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.892
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.888
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-23 09:37:18.885
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 16343.91 MB
Available physical RAM: 10301.32 MB
Total Virtual: 24517.91 MB
Available Virtual: 17565.25 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:672.85 GB) (Free:355.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:468.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C1C3AA4D)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Hi
This is known to be an exceptionally hard infection to deal with. The infection is very good at hiding and going undetected.
It's been reported some had to reinstall/wipe windows and start over.
I will help attempt to remove it off the computer but can't give any kind of guarantee.
~~~~~~
I think it wise to disable Team Viewer and LogMeIn from starting at boot up. This way nothing can be captured and sent through remote connections.
When the TeamViewer window opens, from the Extras menu, choose Options and you should see a window. You'll see a checkmark next to “Start TeamViewer with Windows” Remove that checkmark and click the OK button.
LogMeIn
Go to Computer Management, click on services, find LogMeIn in services, right click select properties. Change it from "Automatic" to "Manual" then reboot and it will not autostart
~~~~~~~~~~~~~~~~~~~
When Farbar Recovery Scan Tool was first run it should had also created FRST.txt
Can you please post this on your next reply.
~~~~~
Also, http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png
Please click by the introduction screen on the Next button to continue.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png
When the update has finished, click on the Next button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
Please post these 2 logs when finished.
I used advanced uninstaller to remove traces of teamviewer that was deleted some time back.. I cant find any trace of logmein at startup? advanced uninstaller couldn't find it either... I ran the anti root kit but it didn't appear to find anything. You can see why this is driving me nut.. I have attached the requested files and cant wait to hear back... Finally I feel like I am getting somewhere... I copied the info from spamhaus if you want to see that I can send it as well... Thanks again Midge
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by PjSue (administrator) on PJANDSUSIEQ (23-11-2016 13:33:24)
Running from C:\Users\PjSue\Downloads
Loaded Profiles: PjSue (Available Profiles: PjSue & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Dashlane, Inc.) C:\Users\PjSue\AppData\Roaming\Dashlane\Dashlane.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
() C:\Users\PjSue\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
() C:\Program Files\WindowsApps\Facebook.Facebook_71.671.11731.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-30] (Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [McDiags AutoLaunch] => 0
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-18] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\PE_C_DEFAULTAPPPOOL\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Run: [Dashlane] => C:\Users\PjSue\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-11-10] (Dashlane, Inc.)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Run: [Akamai NetSession Interface] => C:\Users\PjSue\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
Startup: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2014-07-06]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{80a1a3b3-626c-4281-b413-fc9c763de47e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{86b20717-4af5-419c-a578-aceb7b6b6ed1}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-25538783
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25538783&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25538783&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\PjSue\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-11-10] (Dashlane, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\PjSue\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-11-10] (Dashlane, Inc.)
FireFox:
========
FF DefaultProfile: captaincook2@bigpond.com
FF ProfilePath: C:\Users\PjSue\AppData\Roaming\Philips-Songbird\Profiles\pr6lrskw.default [2015-04-30]
FF NetworkProxy: Philips-Songbird\Profiles\pr6lrskw.default -> no_proxies_on", "127.0.0.1;localhost"
FF NetworkProxy: Philips-Songbird\Profiles\pr6lrskw.default -> type", 4
FF Extension: (Artwork Extras) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (CD Rip Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Concerts) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (AAC Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MP3 Encoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (File association) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [2015-03-09] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (mashTape) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MSC Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MTP Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Philips addon manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Branding) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [2015-03-09] [not signed]
FF Extension: (LikeMusic) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2015-03-09] [not signed]
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2015-03-09] [not signed]
FF Extension: (Philips auto msc-mtp switch) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Promotions) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Skin) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [2015-03-09] [not signed]
FF Extension: (Philips UI) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [2015-03-09] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Media Sharing) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Windows Media Playback) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [2015-03-09] [not signed]
FF ProfilePath: C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default [2016-11-23]
FF NewTab: Mozilla\Firefox\Profiles\9bazgagd.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9bazgagd.default -> Search Provided by Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\9bazgagd.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9bazgagd.default -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\9bazgagd.default -> hxxps://www.facebook.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\9bazgagd.default -> hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Extension: (Test Pilot) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\@testpilot-addon.xpi [2016-10-05]
FF Extension: (Youtube to MP3 Converter Free) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\@youtubemp3free.xpi [2016-06-26]
FF Extension: (Click&Clean) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\clickclean@hotcleaner.com [2016-04-28]
FF Extension: (YouTube mp3) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\info@youtube-mp3.org.xpi [2016-04-28]
FF Extension: (Dashlane) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-23]
FF Extension: (YouTube™ Flash® Player) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-11-03]
FF Extension: (Page Shot) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jid1-NeEaf3sAHdKHPA@jetpack.xpi [2016-10-05]
FF Extension: (S3.Google Translator) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\s3google@translator.xpi [2016-10-19]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2016-06-18]
FF Extension: (AniWeather) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2016-04-28]
FF Extension: (YouTube High Definition) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-11-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [youcam@cyberlink.com] - C:\Program Files (x86)\CyberLink\YouCam7\BrowserExtension\Firefox
FF Extension: (CyberLink YouCam WebLogin) - C:\Program Files (x86)\CyberLink\YouCam7\BrowserExtension\Firefox [2015-08-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.0.2\ma\bin\npMotive.dll [2014-04-23] (Telstra Corporation Ltd.)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-04-23] (Telstra Corporation Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxps://www.google.com.au/
CHR StartupUrls: Profile 3 -> "hxxps://www.facebook.com/"
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
CHR Extension: (Currency Converter) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2016-08-28]
CHR Extension: (Webcam Toy) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-08-28]
CHR Extension: (Google Maps) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-28]
CHR Extension: (WGT Golf Game) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2016-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR Extension: (My Chrome Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-08-28]
CHR Extension: (Red Bull TV) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2016-08-28]
CHR Extension: (Click&Clean App) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-11-09]
CHR Extension: (Radio) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2016-09-28]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-09-28]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aomjekmpappghadlogpigifkghlmebjk [2016-09-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-09-28]
CHR Extension: (My IP address) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2016-09-28]
CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dappigdjllcnkkoacaoolciaolaaiemb [2016-09-28]
CHR Extension: (WGT Golf Challenge) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2016-09-28]
CHR Extension: (Calculator) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-09-28]
CHR Extension: (PicMonkey Extension) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2016-09-28]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2016-09-28]
CHR Extension: (Fun with Anatomy: 3D Skeletal Edition) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\edaipbgjneincgihdfdbmjfeobinapea [2016-09-28]
CHR Extension: (Photovisi - Photo Collage Maker) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\emkkfkcbnpdnhgeolpbggbdogfngiadf [2016-09-28]
CHR Extension: (Dashlane) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-09-28]
CHR Extension: (PicMonkey) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-09-28]
CHR Extension: (Full Screen Weather) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-09-28]
CHR Extension: (Coloring Pages) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\foniidelkdlapcpngdpcchdemnemdbnf [2016-09-28]
CHR Extension: (365Scores) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gocaejggjgdmkhmbinicknpbhagkblop [2016-09-28]
CHR Extension: (Flixster) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2016-09-28]
CHR Extension: (Pixlr Express) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-09-28]
CHR Extension: (MotorAuthority in Pictures) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iejnbmehnhkijljppacclfbmkncnaekh [2016-09-28]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-09-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2016-09-28]
CHR Extension: (Pixlr Touch Up) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jklljiahjgoglchglekebfljnmbaleig [2016-09-28]
CHR Extension: (Build with Chrome) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2016-09-28]
CHR Extension: (Currency Converter) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2016-09-28]
CHR Extension: (Webcam Toy) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-09-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-27]
CHR Extension: (Google Maps) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-09-28]
CHR Extension: (WGT Golf Game) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (My Chrome Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-28]
CHR Extension: (Red Bull TV) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2016-09-28]
CHR Extension: (Click&Clean App) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-27]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-11-23]
CHR Extension: (Google Docs) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Jigsaw Puzzles) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bjfjbbggnhfffnobladegogdkdjheibb [2016-09-28]
CHR Extension: (Honey) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-11-23]
CHR Extension: (Pushbullet) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-28]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-11-21]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2016-09-28]
CHR Extension: (Pixlr-o-matic) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2016-09-28]
CHR Extension: (Google Calendar) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-28]
CHR Extension: (Dashlane) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-09-28]
CHR Extension: (Google Forms) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2016-09-28]
CHR Extension: (Momentum) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-11-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-28]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-28]
CHR HKU\S-1-5-21-649218570-585308798-3976316672-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-30] (AVAST Software)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-09-14] ()
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-10-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-10-12] (CyberLink)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-08-24] (Digital Wave Ltd.)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-21] (ASUSTek Computer Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616 2016-10-25] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065496 2016-11-03] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-23] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-23] (Alcatel-Lucent) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-30] (Atheros) [File not signed]
S2 BlinkRM; "C:\Program Files (x86)\eEye Digital Security\Blink\blinkrm.exe" [X]
S2 blinksvc; "C:\Program Files (x86)\eEye Digital Security\Blink\blinksvc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 31539931; C:\WINDOWS\system32\DRIVERS\31539931.sys [157712 2009-09-25] (Kaspersky Lab)
R1 51667601; C:\WINDOWS\system32\DRIVERS\51667601.sys [157712 2009-09-25] (Kaspersky Lab)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-03-01] (ASUSTek Computer Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-24] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
R1 de_cleaner_kasperskydrv; C:\WINDOWS\System32\DRIVERS\3153993.sys [352784 2009-10-09] (Kaspersky Lab)
R3 dvdfab; C:\WINDOWS\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-16] (CyberLink Corp.)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-23 13:33 - 2016-11-23 13:34 - 00042863 _____ C:\Users\PjSue\Downloads\FRST.txt
2016-11-23 13:33 - 2016-11-23 13:33 - 00000000 ____D C:\FRST
2016-11-23 13:32 - 2016-11-23 13:33 - 02412544 _____ (Farbar) C:\Users\PjSue\Downloads\FRST64.exe
2016-11-23 13:22 - 2016-11-23 13:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-11-23 13:21 - 2016-11-23 13:21 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PJANDSUSIEQ-Windows-10-Home-(64-bit).dat
2016-11-23 13:21 - 2016-11-23 13:21 - 00000000 ____D C:\RegBackup
2016-11-23 13:19 - 2016-11-23 13:19 - 03449206 _____ C:\Users\PjSue\Downloads\tweaking.com_registry_backup_portable.zip
2016-11-23 10:55 - 2016-11-23 11:00 - 102896472 _____ (Kaspersky Lab ZAO) C:\Users\PjSue\Downloads\KVRT.exe
2016-11-23 10:37 - 2016-11-23 10:48 - 00038690 _____ C:\WINDOWS\ntbtlog.txt
2016-11-23 10:34 - 2016-11-23 10:35 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (5).exe
2016-11-23 06:16 - 2016-11-23 06:17 - 00000000 ____D C:\Users\PjSue\Desktop\Mums Trip
2016-11-23 06:15 - 2016-11-23 10:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-23 06:15 - 2016-11-23 06:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-23 06:15 - 2016-11-23 06:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-23 06:14 - 2016-11-23 06:14 - 01888264 _____ (Malwarebytes ) C:\Users\PjSue\Downloads\mbae-setup-1.09.1.1261.exe
2016-11-23 04:10 - 2016-11-23 04:12 - 00541852 _____ C:\WINDOWS\Minidump\112316-41625-01.dmp
2016-11-22 17:15 - 2016-11-22 17:15 - 00009915 _____ C:\Users\PjSue\Downloads\Payslip_20161120_64001201.PDF
2016-11-22 15:36 - 2016-11-22 15:38 - 00542124 _____ C:\WINDOWS\Minidump\112216-43609-01.dmp
2016-11-21 19:02 - 2016-11-21 19:02 - 00000168 _____ C:\Users\PjSue\Downloads\ATT00002.htm
2016-11-21 18:45 - 2016-11-21 18:47 - 00542228 _____ C:\WINDOWS\Minidump\112116-35609-01.dmp
2016-11-21 15:55 - 2016-11-21 15:55 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (4).exe
2016-11-21 12:31 - 2016-11-21 12:36 - 00542180 _____ C:\WINDOWS\Minidump\112116-52453-01.dmp
2016-11-21 10:59 - 2016-11-23 04:10 - 1173882788 _____ C:\WINDOWS\MEMORY.DMP
2016-11-21 10:59 - 2016-11-23 04:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-21 10:59 - 2016-11-21 11:00 - 00541932 _____ C:\WINDOWS\Minidump\112116-40468-01.dmp
2016-11-19 12:06 - 2016-11-23 04:34 - 00000000 ____D C:\Users\PjSue\AppData\LocalLow\Mozilla
2016-11-19 12:06 - 2016-11-21 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-17 10:23 - 2016-11-21 08:25 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-11-15 17:37 - 2016-11-15 17:38 - 10758584 _____ (Adobe Systems Inc.) C:\Users\PjSue\Downloads\AdobeAIRInstaller (1).exe
2016-11-15 17:31 - 2016-11-15 17:31 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-11-13 08:31 - 2016-11-13 08:31 - 00000331 _____ C:\Users\PjSue\AppData\Local\LMIR0001.tmp_r.bat
2016-11-13 08:14 - 2016-11-13 08:14 - 01864744 _____ (LogMeIn, Inc.) C:\Users\PjSue\Downloads\Support-LogMeInRescue (2).exe
2016-11-12 15:46 - 2016-11-12 15:46 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (4)
2016-11-12 15:37 - 2016-11-12 15:37 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (3)
2016-11-12 15:36 - 2016-11-12 15:36 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (2)
2016-11-12 15:35 - 2016-11-12 15:35 - 00573873 _____ C:\Users\PjSue\Downloads\Part 1 (1)
2016-11-12 15:34 - 2016-11-12 15:34 - 00573873 _____ C:\Users\PjSue\Downloads\Part 1
2016-11-10 20:07 - 2016-11-10 20:07 - 00000000 ____D C:\Users\PjSue\AppData\Local\{DB387BA7-334B-4658-B088-20044C3B0BED}
2016-11-09 09:06 - 2016-11-02 22:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 09:06 - 2016-11-02 22:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 09:06 - 2016-11-02 21:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 09:06 - 2016-11-02 21:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 09:06 - 2016-11-02 21:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 09:06 - 2016-11-02 21:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 09:06 - 2016-11-02 21:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 09:06 - 2016-11-02 21:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 09:06 - 2016-11-02 21:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 09:06 - 2016-11-02 21:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 09:06 - 2016-11-02 21:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 09:06 - 2016-11-02 21:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 09:06 - 2016-11-02 21:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 09:06 - 2016-11-02 21:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 09:06 - 2016-11-02 21:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 09:06 - 2016-11-02 21:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 09:06 - 2016-11-02 21:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 09:06 - 2016-11-02 21:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 09:06 - 2016-11-02 21:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 09:06 - 2016-11-02 21:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 09:06 - 2016-11-02 20:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 09:06 - 2016-11-02 20:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 09:06 - 2016-11-02 20:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 09:06 - 2016-11-02 20:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 09:06 - 2016-11-02 20:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 09:06 - 2016-11-02 20:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 09:06 - 2016-11-02 20:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 09:06 - 2016-11-02 20:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 09:06 - 2016-11-02 20:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 09:06 - 2016-11-02 20:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 09:06 - 2016-11-02 20:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 09:06 - 2016-11-02 20:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 09:06 - 2016-11-02 20:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 09:06 - 2016-11-02 20:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 09:06 - 2016-11-02 20:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 09:06 - 2016-11-02 20:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 09:06 - 2016-11-02 20:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 09:06 - 2016-11-02 20:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 09:06 - 2016-11-02 20:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 09:06 - 2016-11-02 20:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 09:06 - 2016-11-02 20:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 09:06 - 2016-11-02 20:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 09:06 - 2016-11-02 20:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 09:06 - 2016-11-02 20:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 09:06 - 2016-11-02 20:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 09:06 - 2016-11-02 20:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 09:06 - 2016-11-02 20:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 09:06 - 2016-11-02 20:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 09:06 - 2016-11-02 20:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 09:06 - 2016-11-02 20:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 09:06 - 2016-11-02 20:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 09:06 - 2016-11-02 20:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 09:06 - 2016-11-02 20:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 09:06 - 2016-11-02 20:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 09:06 - 2016-11-02 20:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 09:06 - 2016-11-02 18:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 09:05 - 2016-11-02 21:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 09:05 - 2016-11-02 21:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 09:05 - 2016-11-02 21:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 09:05 - 2016-11-02 21:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 09:05 - 2016-11-02 21:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 09:05 - 2016-11-02 21:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 09:05 - 2016-11-02 21:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 09:05 - 2016-11-02 21:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 09:05 - 2016-11-02 21:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 09:05 - 2016-11-02 21:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 09:05 - 2016-11-02 21:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 09:05 - 2016-11-02 21:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 09:05 - 2016-11-02 21:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 09:05 - 2016-11-02 21:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 09:05 - 2016-11-02 21:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 09:05 - 2016-11-02 21:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 09:05 - 2016-11-02 21:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 09:05 - 2016-11-02 21:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 09:05 - 2016-11-02 20:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 09:05 - 2016-11-02 20:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 09:05 - 2016-11-02 20:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 09:05 - 2016-11-02 20:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 09:05 - 2016-11-02 20:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 09:05 - 2016-11-02 20:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 09:05 - 2016-11-02 20:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 09:05 - 2016-11-02 20:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 09:05 - 2016-11-02 20:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 09:05 - 2016-11-02 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 09:05 - 2016-11-02 20:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 09:05 - 2016-11-02 20:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 09:05 - 2016-11-02 20:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 09:05 - 2016-11-02 20:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 09:05 - 2016-11-02 20:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 09:05 - 2016-11-02 20:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 09:05 - 2016-11-02 20:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 09:05 - 2016-11-02 20:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 09:05 - 2016-11-02 20:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 09:05 - 2016-11-02 20:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 09:05 - 2016-11-02 20:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 09:05 - 2016-11-02 20:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 09:05 - 2016-11-02 20:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 09:05 - 2016-11-02 20:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 09:05 - 2016-11-02 20:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 09:05 - 2016-11-02 20:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 09:05 - 2016-11-02 20:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 09:05 - 2016-11-02 20:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 09:05 - 2016-11-02 20:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 09:05 - 2016-11-02 20:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 09:05 - 2016-11-02 20:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 09:05 - 2016-11-02 20:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 09:05 - 2016-11-02 20:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 09:05 - 2016-11-02 20:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 09:05 - 2016-11-02 20:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 09:05 - 2016-11-02 20:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 09:05 - 2016-11-02 20:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 09:05 - 2016-11-02 19:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 09:05 - 2016-11-02 19:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 09:05 - 2016-08-02 14:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 09:03 - 2016-11-09 09:03 - 03910208 _____ C:\Users\PjSue\Downloads\adwcleaner_6.030.exe
2016-11-09 07:35 - 2016-11-13 08:31 - 00000000 ____D C:\Users\PjSue\AppData\Local\LogMeIn Rescue Applet
2016-11-09 07:34 - 2016-11-09 07:35 - 01846824 _____ (LogMeIn, Inc.) C:\Users\PjSue\Downloads\Support-LogMeInRescue.exe
2016-11-09 07:34 - 2016-11-09 07:35 - 01846824 _____ (LogMeIn, Inc.) C:\Users\PjSue\Downloads\Support-LogMeInRescue (1).exe
2016-11-08 07:07 - 2016-11-08 07:07 - 01165622 _____ C:\Users\PjSue\Downloads\1195872174.pdf
2016-11-08 07:06 - 2016-11-08 07:06 - 01164930 _____ C:\Users\PjSue\Downloads\1187900857.pdf
2016-11-07 17:23 - 2016-11-07 17:23 - 00927623 _____ C:\Users\PjSue\Downloads\06 - Summer 2016.pdf
2016-11-05 04:16 - 2016-11-05 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-04 09:51 - 2016-11-04 09:51 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (3).exe
2016-11-04 06:52 - 2016-11-04 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-11-04 06:51 - 2016-11-04 06:52 - 10380544 _____ (Innovative Solutions ) C:\Users\PjSue\Downloads\Advanced_Uninstaller12_15_CNet.exe
2016-11-04 06:12 - 2016-11-04 06:12 - 10397064 _____ (MyTurboPC.com) C:\Users\PjSue\Downloads\Myturbopc_B0DE9D15-8BA4-4FF4-9F2E-AF8ED9F524C1_.exe
2016-11-02 18:59 - 2016-11-02 18:59 - 02226110 _____ C:\Users\PjSue\Downloads\Policy renewal (1).pdf
2016-11-02 18:59 - 2016-11-02 18:59 - 00100141 _____ C:\Users\PjSue\Downloads\Coles FSG 2016.pdf
2016-11-02 18:58 - 2016-11-02 18:58 - 00297172 _____ C:\Users\PjSue\Downloads\Coles Motor PDS 0216.pdf
2016-11-01 15:44 - 2016-11-01 15:44 - 02226110 _____ C:\Users\PjSue\Downloads\Policy renewal.pdf
2016-10-31 06:25 - 2016-10-31 06:25 - 00050601 _____ C:\Users\PjSue\Downloads\Unknown
2016-10-28 21:27 - 2016-10-28 21:27 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2016-10-28 21:27 - 2016-10-28 21:27 - 00000000 ____D C:\Program Files (x86)\Helper
2016-10-28 21:25 - 2016-10-28 21:26 - 13767776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcredist.exe
2016-10-28 08:19 - 2016-10-15 14:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 08:19 - 2016-10-15 14:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 08:19 - 2016-10-15 14:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 08:19 - 2016-10-15 14:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 08:19 - 2016-10-15 14:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 08:19 - 2016-10-15 14:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 08:19 - 2016-10-15 14:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 08:19 - 2016-10-15 14:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 08:19 - 2016-10-15 14:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 08:19 - 2016-10-15 14:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 08:19 - 2016-10-15 14:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 08:19 - 2016-10-15 14:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 08:19 - 2016-10-15 14:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 08:19 - 2016-10-15 14:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 08:19 - 2016-10-15 14:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 08:19 - 2016-10-15 14:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 08:19 - 2016-10-15 14:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 08:19 - 2016-10-15 13:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 08:19 - 2016-10-15 13:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 08:19 - 2016-10-15 13:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 08:19 - 2016-10-15 13:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 08:19 - 2016-10-15 13:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 08:19 - 2016-10-15 13:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 08:19 - 2016-10-15 13:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 08:19 - 2016-10-15 13:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 08:19 - 2016-10-15 13:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 08:19 - 2016-10-15 13:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 08:19 - 2016-10-15 13:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 08:19 - 2016-10-15 13:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 08:19 - 2016-10-15 13:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 08:19 - 2016-10-15 13:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 08:19 - 2016-10-15 13:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 08:19 - 2016-10-15 13:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 08:19 - 2016-10-15 13:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 08:19 - 2016-10-15 13:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 08:19 - 2016-10-15 13:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 08:19 - 2016-10-15 13:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 08:19 - 2016-10-15 13:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 08:19 - 2016-10-15 13:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 08:19 - 2016-10-15 13:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 08:19 - 2016-10-15 13:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 08:19 - 2016-10-15 13:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 08:19 - 2016-10-15 13:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 08:19 - 2016-10-15 13:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 08:19 - 2016-10-15 13:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 08:19 - 2016-10-15 13:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 08:19 - 2016-10-15 13:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 08:19 - 2016-10-15 13:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 08:19 - 2016-10-15 13:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 08:19 - 2016-10-15 13:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 08:19 - 2016-10-15 13:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 08:19 - 2016-10-15 13:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 08:19 - 2016-10-15 13:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 08:19 - 2016-10-15 13:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 08:19 - 2016-10-15 13:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 08:19 - 2016-10-15 13:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 08:19 - 2016-10-15 13:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 08:19 - 2016-10-15 13:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 08:19 - 2016-10-15 13:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 08:19 - 2016-10-15 13:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 08:19 - 2016-10-15 13:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 08:14 - 2016-10-15 14:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 08:14 - 2016-10-15 14:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 08:14 - 2016-10-15 14:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 08:14 - 2016-10-15 14:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 08:14 - 2016-10-15 13:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 08:14 - 2016-10-15 13:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 08:14 - 2016-10-15 13:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 08:14 - 2016-10-15 13:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 08:14 - 2016-10-15 13:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 08:14 - 2016-10-15 13:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 08:14 - 2016-10-15 13:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 08:13 - 2016-10-15 14:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 08:13 - 2016-10-15 14:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 08:13 - 2016-10-15 14:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 08:13 - 2016-10-15 14:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 08:13 - 2016-10-15 14:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 08:13 - 2016-10-15 14:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 08:13 - 2016-10-15 14:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 08:13 - 2016-10-15 14:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 08:13 - 2016-10-15 14:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 08:13 - 2016-10-15 14:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 08:13 - 2016-10-15 14:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 08:13 - 2016-10-15 14:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 08:13 - 2016-10-15 14:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 08:13 - 2016-10-15 14:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 08:13 - 2016-10-15 14:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 08:13 - 2016-10-15 14:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 08:13 - 2016-10-15 14:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 08:13 - 2016-10-15 14:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 08:13 - 2016-10-15 13:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 08:13 - 2016-10-15 13:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 08:13 - 2016-10-15 13:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 08:13 - 2016-10-15 13:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 08:13 - 2016-10-15 13:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 08:13 - 2016-10-15 13:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 08:13 - 2016-10-15 13:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 08:13 - 2016-10-15 13:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 08:13 - 2016-10-15 13:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 08:13 - 2016-10-15 13:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 08:13 - 2016-10-15 13:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 08:13 - 2016-10-15 13:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 08:13 - 2016-10-15 13:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 08:13 - 2016-10-15 13:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 08:13 - 2016-10-15 13:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 08:13 - 2016-10-15 13:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 08:13 - 2016-10-15 13:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 08:13 - 2016-10-15 13:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 08:13 - 2016-10-15 13:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 08:13 - 2016-10-15 13:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 08:13 - 2016-10-15 13:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 08:13 - 2016-10-15 13:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 08:13 - 2016-10-15 13:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 08:13 - 2016-10-15 13:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 08:13 - 2016-10-15 13:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 08:13 - 2016-10-15 13:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 08:13 - 2016-10-15 13:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 08:13 - 2016-10-15 13:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 08:13 - 2016-10-15 13:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 08:13 - 2016-10-15 13:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 08:13 - 2016-10-15 13:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 08:13 - 2016-10-15 13:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 08:13 - 2016-10-15 13:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 08:13 - 2016-10-15 13:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 08:13 - 2016-10-15 13:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 08:13 - 2016-10-15 13:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 08:13 - 2016-10-15 13:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 08:13 - 2016-10-15 13:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 08:13 - 2016-10-15 13:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 08:13 - 2016-10-15 13:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 08:13 - 2016-10-15 13:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 08:13 - 2016-10-15 13:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 08:13 - 2016-10-15 13:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 08:13 - 2016-08-27 15:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 08:13 - 2016-08-06 14:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-28 08:12 - 2016-10-15 14:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 08:12 - 2016-10-15 14:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 08:12 - 2016-10-15 14:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 08:12 - 2016-10-15 14:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 08:12 - 2016-10-15 14:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 08:12 - 2016-10-15 14:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 08:12 - 2016-10-15 14:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 08:12 - 2016-10-15 14:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 08:12 - 2016-10-15 14:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 08:12 - 2016-10-15 14:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 08:12 - 2016-10-15 14:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 08:12 - 2016-10-15 14:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 08:12 - 2016-10-15 14:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 08:12 - 2016-10-15 14:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 08:12 - 2016-10-15 14:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 08:12 - 2016-10-15 14:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 08:12 - 2016-10-15 14:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 08:12 - 2016-10-15 13:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 08:12 - 2016-10-15 13:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 08:12 - 2016-10-15 13:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 08:12 - 2016-10-15 13:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 08:12 - 2016-10-15 13:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 08:12 - 2016-10-15 13:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 08:12 - 2016-10-15 13:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 08:12 - 2016-10-15 13:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 08:12 - 2016-10-15 13:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 08:12 - 2016-10-15 13:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 08:12 - 2016-10-15 13:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 08:12 - 2016-10-15 13:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 08:12 - 2016-10-15 13:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 08:12 - 2016-10-15 13:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 08:12 - 2016-10-15 13:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 08:12 - 2016-10-15 13:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 08:12 - 2016-10-15 13:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 08:12 - 2016-10-15 13:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 08:12 - 2016-10-15 13:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 08:12 - 2016-10-15 13:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 08:12 - 2016-10-15 13:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 08:12 - 2016-10-15 13:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 08:12 - 2016-10-15 13:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 08:12 - 2016-10-15 13:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 08:12 - 2016-10-15 13:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 08:12 - 2016-10-15 13:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 08:12 - 2016-10-15 13:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 08:12 - 2016-10-15 13:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 08:12 - 2016-10-15 13:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 08:12 - 2016-10-15 13:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 08:12 - 2016-10-15 13:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 08:12 - 2016-10-15 13:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 08:12 - 2016-10-15 13:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 08:12 - 2016-10-15 13:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 08:12 - 2016-10-15 13:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 08:11 - 2016-10-15 14:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 08:11 - 2016-10-15 14:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 08:11 - 2016-10-15 13:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 08:11 - 2016-10-15 13:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 08:11 - 2016-10-15 13:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-28 08:11 - 2016-09-10 23:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-26 22:14 - 2016-10-26 22:14 - 07737344 _____ C:\Setup.msi
2016-10-26 17:21 - 2016-11-12 15:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-26 12:13 - 2016-10-26 12:13 - 05227808 _____ () C:\Program Files (x86)\EyeFiReceiver.exe
2016-10-26 12:13 - 2016-10-26 12:13 - 00943392 _____ C:\Program Files (x86)\EyeFiLauncher.exe
2016-10-26 12:13 - 2016-10-26 12:13 - 00489472 _____ (Newtonsoft) C:\Program Files (x86)\Newtonsoft.Json.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00467288 _____ (Microsoft Corp.) C:\Program Files (x86)\WPFToolkit.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00250316 _____ C:\Program Files (x86)\bsptp.lib
2016-10-26 12:13 - 2016-10-26 12:13 - 00065280 _____ () C:\Program Files (x86)\EyeFiCloud.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00049920 _____ C:\Program Files (x86)\EyeFiCard.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00046848 _____ (hardcodet.net) C:\Program Files (x86)\Hardcodet.Wpf.TaskbarNotification.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00035088 _____ C:\Program Files (x86)\bsptpWrapper.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00029456 _____ () C:\Program Files (x86)\ConfigData.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00029184 _____ (Microsoft) C:\Program Files (x86)\PusherClient.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00021784 _____ () C:\Program Files (x86)\FirewallHelper.exe
2016-10-26 12:13 - 2016-10-26 12:13 - 00021264 _____ () C:\Program Files (x86)\EyeFiCardCommon.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 00013072 _____ () C:\Program Files (x86)\Logger.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 01172992 _____ (Robert Simpson, et al.) C:\Program Files (x86)\System.Data.SQLite.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00875472 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr110.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00778616 _____ (Microsoft Corporation) C:\Program Files (x86)\ribboncontrolslibrary.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00632656 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00554832 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00479232 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcm80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00196608 _____ (ICSharpCode.net) C:\Program Files (x86)\ICSharpCode.SharpZipLib.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00088576 _____ (WebSocket4Net) C:\Program Files (x86)\WebSocket4Net.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00070144 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyAppPCL.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00064919 _____ C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 00050688 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyApp.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00047424 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00037104 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00034528 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00033808 _____ C:\Program Files (x86)\System.Threading.Tasks.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 00031520 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00022208 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Runtime.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00021168 _____ (Microsoft Corporation) C:\Program Files (x86)\System.IO.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00019600 _____ C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 00019456 _____ ( ) C:\Program Files (x86)\Interop.NetFwTypeLib.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 00002972 _____ C:\Program Files (x86)\System.Runtime.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 00001870 _____ C:\Program Files (x86)\Microsoft.VC80.CRT.manifest
2016-10-26 12:12 - 2016-10-26 12:12 - 00001506 _____ C:\Program Files (x86)\EyeFiReceiver.exe.config
2016-10-26 12:12 - 2016-10-26 12:12 - 00000134 _____ C:\Program Files (x86)\System.IO.xml
2016-10-26 08:55 - 2016-10-26 08:55 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-10-26 08:55 - 2016-10-26 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-10-26 08:55 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-10-25 15:09 - 2016-10-25 15:09 - 00009859 _____ C:\Users\PjSue\Downloads\Payslip_20161023_61001201.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-23 13:25 - 2016-05-30 11:56 - 00000000 ____D C:\Users\PjSue\Desktop\VirusBotHelp
2016-11-23 13:13 - 2014-08-13 16:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-23 11:44 - 2016-08-06 07:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-23 11:05 - 2016-07-16 21:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-23 11:05 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 10:55 - 2014-06-26 17:43 - 00000000 ____D C:\Users\PjSue\AppData\Local\CrashDumps
2016-11-23 10:52 - 2015-07-30 22:36 - 00000000 ____D C:\Users\PjSue\AppData\Local\HTC MediaHub
2016-11-23 10:50 - 2016-10-02 10:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-23 10:50 - 2016-10-02 09:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-23 10:50 - 2016-10-02 09:45 - 00276632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-23 10:49 - 2016-07-16 16:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-11-23 10:45 - 2016-01-05 16:58 - 00000000 ____D C:\Users\PjSue\AppData\Local\NPE
2016-11-23 10:37 - 2016-08-29 08:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-23 10:37 - 2016-01-05 17:01 - 00000000 ____D C:\NPE
2016-11-23 09:45 - 2016-10-02 09:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-23 09:15 - 2016-10-02 10:00 - 00000000 ____D C:\Users\PjSue
2016-11-23 07:29 - 2014-07-11 17:54 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Skype
2016-11-23 07:01 - 2016-01-05 15:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 07:01 - 2014-07-11 17:54 - 00000000 ____D C:\ProgramData\Skype
2016-11-21 11:37 - 2015-08-24 12:32 - 00000000 ____D C:\Users\PjSue\Desktop\Website Stuff
2016-11-21 11:03 - 2016-07-16 21:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-21 11:01 - 2016-07-16 16:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-21 10:59 - 2014-06-26 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-21 08:25 - 2014-07-14 16:14 - 00000000 ___HD C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2016-11-21 08:24 - 2016-10-02 10:59 - 00004030 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2016-11-21 08:09 - 2014-03-17 15:47 - 00000000 ____D C:\Users\PjSue\Documents\34th Database
2016-11-20 14:23 - 2015-11-09 05:36 - 00000000 ____D C:\Users\PjSue\Desktop\Work memes
2016-11-19 12:06 - 2016-09-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2016-11-18 03:50 - 2014-06-26 17:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-17 09:20 - 2015-08-19 07:33 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Dashlane
2016-11-15 17:31 - 2016-10-02 10:00 - 00000000 ____D C:\Users\DefaultAppPool
2016-11-15 09:21 - 2014-07-12 11:29 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-12 15:45 - 2014-08-17 17:27 - 00000000 ____D C:\Users\PjSue\AppData\Local\Adobe
2016-11-11 17:52 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-11 07:07 - 2015-08-24 12:23 - 00000000 ____D C:\Users\PjSue\Desktop\Political Funnies
2016-11-10 10:01 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-10 10:01 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-09 10:33 - 2015-03-24 13:27 - 00000000 ____D C:\Users\PjSue\AppData\Local\Eye-Fi
2016-11-09 10:31 - 2015-09-10 15:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 10:16 - 2015-08-24 15:11 - 00000000 ____D C:\Users\PjSue\Desktop\Print
2016-11-09 10:15 - 2016-07-16 21:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 10:06 - 2014-06-27 17:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 09:46 - 2014-06-27 17:51 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 09:08 - 2013-11-14 07:34 - 00000000 ____D C:\AdwCleaner
2016-11-09 07:57 - 2016-10-02 10:59 - 00003820 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2016-11-09 07:54 - 2016-10-02 09:58 - 01121942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-09 07:50 - 2014-06-26 16:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-09 07:49 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-11-09 06:06 - 2016-10-02 10:59 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 14:49 - 2016-01-05 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-06 15:33 - 2016-10-09 14:55 - 00010054 _____ C:\WINDOWS\SysWOW64\test.bmp
2016-11-06 05:24 - 2015-08-24 12:28 - 00000000 ____D C:\Users\PjSue\Desktop\Asstd Funnies
2016-11-06 05:23 - 2015-08-24 12:23 - 00000000 ____D C:\Users\PjSue\Desktop\Muslim Funnies
2016-11-05 04:17 - 2014-07-28 16:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-05 04:16 - 2016-10-02 10:59 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-11-05 04:16 - 2014-07-28 16:08 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-04 06:52 - 2016-06-30 14:47 - 00001600 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-11-03 06:53 - 2014-06-28 07:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-30 09:07 - 2014-06-26 16:48 - 00000000 ____D C:\Users\PjSue\AppData\Local\Google
2016-10-29 09:56 - 2016-07-16 21:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-29 09:56 - 2016-07-16 21:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 20:16 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-28 20:15 - 2016-07-16 21:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-26 17:41 - 2016-09-19 11:14 - 00000000 ____D C:\Users\PjSue\AppData\Local\Facebook
2016-10-26 17:21 - 2012-02-18 17:36 - 00000000 ____D C:\ProgramData\Adobe
2016-10-26 17:21 - 2012-02-18 17:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-26 08:55 - 2016-08-06 07:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
==================== Files in the root of some directories =======
2014-07-13 12:14 - 2014-01-03 16:38 - 8322294 _____ () C:\Program Files (x86)\avcodec-54.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0944215 _____ () C:\Program Files (x86)\avfilter-3.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 1869401 _____ () C:\Program Files (x86)\avformat-54.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0355201 _____ () C:\Program Files (x86)\avutil-52.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0250316 _____ () C:\Program Files (x86)\bsptp.lib
2016-10-26 12:13 - 2016-10-26 12:13 - 0035088 _____ () C:\Program Files (x86)\bsptpWrapper.dll
2014-07-13 12:14 - 2014-03-20 15:07 - 0038810 _____ () C:\Program Files (x86)\Changes.txt
2014-07-13 12:14 - 2013-03-04 09:57 - 2632898 _____ () C:\Program Files (x86)\codecs.dll
2014-07-13 12:14 - 2012-07-04 19:16 - 0021547 _____ () C:\Program Files (x86)\Commandline.txt
2014-07-13 12:14 - 2014-03-06 15:24 - 0067657 _____ () C:\Program Files (x86)\config.xml
2016-10-26 12:13 - 2016-10-26 12:13 - 0029456 _____ () C:\Program Files (x86)\ConfigData.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0078336 _____ (Fengtao Software Inc.) C:\Program Files (x86)\CrashRpt.dll
2014-07-13 12:14 - 2013-09-06 15:51 - 2106216 _____ (Microsoft Corporation) C:\Program Files (x86)\D3DCompiler_43.dll
2014-07-13 12:14 - 2013-11-23 16:25 - 0348504 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dref9.dll
2014-07-13 12:14 - 2013-03-29 11:23 - 1998168 _____ (Microsoft Corporation) C:\Program Files (x86)\D3DX9_43.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0640000 _____ (Microsoft Corporation) C:\Program Files (x86)\dbghelp.dll
2014-07-13 12:14 - 2012-11-25 19:12 - 0000048 _____ () C:\Program Files (x86)\DVDFab Passkey.url
2014-07-13 12:14 - 2013-10-08 16:57 - 0006086 _____ () C:\Program Files (x86)\dvdfab.crt
2014-07-13 12:14 - 2014-03-20 18:14 - 11888672 _____ (Fengtao Software Inc.) C:\Program Files (x86)\DVDFab.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 1157730 _____ () C:\Program Files (x86)\DVDFab.rcc
2014-07-13 12:14 - 2014-03-26 19:19 - 0000047 _____ () C:\Program Files (x86)\DVDFab.url
2014-07-13 12:14 - 2012-11-24 17:50 - 1394552 _____ (Fengtao Software Inc.) C:\Program Files (x86)\DVDFabPasskey.exe
2014-07-13 12:14 - 2013-03-04 09:57 - 0042664 _____ () C:\Program Files (x86)\error.wav
2016-10-26 12:13 - 2016-10-26 12:13 - 0049920 _____ () C:\Program Files (x86)\EyeFiCard.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0021264 _____ () C:\Program Files (x86)\EyeFiCardCommon.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0065280 _____ () C:\Program Files (x86)\EyeFiCloud.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0943392 _____ () C:\Program Files (x86)\EyeFiLauncher.exe
2016-10-26 12:13 - 2016-10-26 12:13 - 5227808 _____ () C:\Program Files (x86)\EyeFiReceiver.exe
2016-10-26 12:12 - 2016-10-26 12:12 - 0001506 _____ () C:\Program Files (x86)\EyeFiReceiver.exe.config
2014-07-13 12:14 - 2014-03-12 17:53 - 0373792 _____ () C:\Program Files (x86)\FabCheck.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 0184352 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabCopy.exe
2014-07-13 12:14 - 2014-03-12 17:54 - 0542240 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabCore.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 0149024 _____ () C:\Program Files (x86)\FabRegOp.exe
2014-07-13 12:14 - 2014-03-14 11:46 - 1553440 _____ () C:\Program Files (x86)\FabReport.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 1958432 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabUpdate.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 0326395 _____ () C:\Program Files (x86)\FileMove.rcc
2014-07-13 12:14 - 2014-03-12 17:53 - 1206816 _____ () C:\Program Files (x86)\FileMover.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 0030473 _____ () C:\Program Files (x86)\FileMove_AnimationSetting.txt
2014-07-13 12:14 - 2013-04-12 14:05 - 0014735 _____ () C:\Program Files (x86)\FileMove_style.css
2016-10-26 12:13 - 2016-10-26 12:13 - 0021784 _____ () C:\Program Files (x86)\FirewallHelper.exe
2014-07-13 12:14 - 2013-12-16 09:54 - 0458752 _____ () C:\Program Files (x86)\freetype6.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0046848 _____ (hardcodet.net) C:\Program Files (x86)\Hardcodet.Wpf.TaskbarNotification.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0050688 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyApp.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0070144 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyAppPCL.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0196608 _____ (ICSharpCode.net) C:\Program Files (x86)\ICSharpCode.SharpZipLib.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0019456 _____ ( ) C:\Program Files (x86)\Interop.NetFwTypeLib.dll
2014-07-13 12:14 - 2012-07-04 19:16 - 0026940 _____ () C:\Program Files (x86)\lgpl-2.1.txt
2014-07-13 12:14 - 2013-12-16 09:54 - 2314240 _____ () C:\Program Files (x86)\libass.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0071168 _____ () C:\Program Files (x86)\libEGL.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0143096 _____ () C:\Program Files (x86)\libexpat-1.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0279059 _____ () C:\Program Files (x86)\libfontconfig-1.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0990208 _____ () C:\Program Files (x86)\libGLESv2.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0134656 _____ () C:\Program Files (x86)\libmad.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0117774 _____ () C:\Program Files (x86)\libmpeg2-0.dll
2014-07-13 12:14 - 2014-02-27 13:41 - 5324800 _____ () C:\Program Files (x86)\libplayercore.dll
2014-07-13 12:14 - 2014-03-12 11:03 - 0006508 _____ () C:\Program Files (x86)\License.txt
2014-07-13 12:14 - 2014-03-12 11:02 - 0006965 _____ () C:\Program Files (x86)\License_Italian.txt
2016-10-26 12:13 - 2016-10-26 12:13 - 0013072 _____ () C:\Program Files (x86)\Logger.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0086528 _____ () C:\Program Files (x86)\mgwz.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0037104 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0047424 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0064919 _____ () C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0031520 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0019600 _____ () C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0001870 _____ () C:\Program Files (x86)\Microsoft.VC80.CRT.manifest
2016-10-26 12:12 - 2016-10-26 12:12 - 0479232 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcm80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0554832 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0875472 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr110.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0632656 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr80.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0489472 _____ (Newtonsoft) C:\Program Files (x86)\Newtonsoft.Json.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0224096 _____ () C:\Program Files (x86)\postproc-52.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0073382 _____ (Open Source Software community project) C:\Program Files (x86)\pthreadGC2.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0029184 _____ (Microsoft) C:\Program Files (x86)\PusherClient.dll
2014-07-13 12:14 - 2014-03-26 19:19 - 0000941 _____ () C:\Program Files (x86)\QT Log.lnk
2014-07-13 12:14 - 2014-01-16 15:50 - 5072896 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Core.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3414016 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Gui.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0783360 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Network.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0276992 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5OpenGL.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3089408 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Qml.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 2532864 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Quick.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0403456 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5QuickParticles.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0172544 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Sql.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0231424 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Svg.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 4810240 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Widgets.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0187904 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Xml.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3267584 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5XmlPatterns.dll
2014-07-13 12:14 - 2014-03-20 15:07 - 0010918 _____ () C:\Program Files (x86)\Readme.txt
2014-07-13 12:14 - 2011-04-20 16:05 - 0074776 _____ (Fengtao Software Inc.) C:\Program Files (x86)\RegDVDFabPasskey.exe
2016-10-26 12:12 - 2016-10-26 12:12 - 0778616 _____ (Microsoft Corporation) C:\Program Files (x86)\ribboncontrolslibrary.dll
2014-07-13 12:14 - 2013-04-12 14:05 - 0004595 _____ () C:\Program Files (x86)\Setting.txt
2014-07-13 12:14 - 2014-03-12 10:50 - 0084722 _____ () C:\Program Files (x86)\style.css
2014-07-13 12:14 - 2013-03-04 09:57 - 0036716 _____ () C:\Program Files (x86)\succ.wav
2014-07-13 12:14 - 2013-12-16 09:54 - 0146203 _____ () C:\Program Files (x86)\swresample-0.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0432290 _____ () C:\Program Files (x86)\swscale-2.dll
2014-07-13 12:14 - 2011-08-04 17:46 - 0111616 _____ (Fengtao Software Inc.) C:\Program Files (x86)\syssnap.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 1172992 _____ (Robert Simpson, et al.) C:\Program Files (x86)\System.Data.SQLite.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0021168 _____ (Microsoft Corporation) C:\Program Files (x86)\System.IO.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0000134 _____ () C:\Program Files (x86)\System.IO.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0022208 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Runtime.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0002972 _____ () C:\Program Files (x86)\System.Runtime.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0034528 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0033808 _____ () C:\Program Files (x86)\System.Threading.Tasks.xml
2014-07-13 12:14 - 2014-03-12 11:43 - 0000243 _____ () C:\Program Files (x86)\uicfg.zip
2014-07-13 12:14 - 2013-03-04 09:57 - 0013522 _____ () C:\Program Files (x86)\uictl_default.xml
2014-07-13 12:14 - 2013-07-04 11:47 - 0735323 _____ () C:\Program Files (x86)\uiframe.rcc
2014-07-13 12:14 - 2014-03-26 19:19 - 0552135 _____ () C:\Program Files (x86)\unins000.dat
2014-07-13 12:14 - 2014-03-26 19:17 - 1290784 _____ () C:\Program Files (x86)\unins000.exe
2014-07-13 12:14 - 2014-03-26 19:19 - 0022701 _____ () C:\Program Files (x86)\unins000.msg
2014-07-13 12:14 - 2014-03-20 18:16 - 0011693 _____ () C:\Program Files (x86)\update.xml
2014-07-13 12:14 - 2013-11-07 11:55 - 3072872 _____ (VSO Software) C:\Program Files (x86)\vso_hwe.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0088576 _____ (WebSocket4Net) C:\Program Files (x86)\WebSocket4Net.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0467288 _____ (Microsoft Corp.) C:\Program Files (x86)\WPFToolkit.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0065536 _____ () C:\Program Files (x86)\zlibwapi.dll
2016-01-12 08:35 - 2016-01-12 08:44 - 0000467 _____ () C:\Users\PjSue\AppData\Roaming\burnaware.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000096 _____ () C:\Users\PjSue\AppData\Roaming\Camdata.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000408 _____ () C:\Users\PjSue\AppData\Roaming\CamLayout.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000408 _____ () C:\Users\PjSue\AppData\Roaming\CamShapes.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0004546 _____ () C:\Users\PjSue\AppData\Roaming\CamStudio.cfg
2016-11-04 06:13 - 2016-11-04 06:47 - 0000115 _____ () C:\Users\PjSue\AppData\Roaming\LogFile.txt
2014-06-26 16:11 - 2014-08-03 08:49 - 0000387 _____ () C:\Users\PjSue\AppData\Roaming\sp_data.sys
2015-02-06 14:31 - 2016-01-05 12:39 - 0000096 _____ () C:\Users\PjSue\AppData\Roaming\version2.xml
2014-11-30 13:29 - 2016-07-06 09:08 - 0052736 _____ () C:\Users\PjSue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-13 08:31 - 2016-11-13 08:31 - 0000331 _____ () C:\Users\PjSue\AppData\Local\LMIR0001.tmp_r.bat
2016-02-23 06:36 - 2016-02-23 06:39 - 0007609 _____ () C:\Users\PjSue\AppData\Local\resmon.resmoncfg
2014-06-07 02:54 - 2014-06-07 02:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-06-07 02:53 - 2014-06-07 02:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-07 02:53 - 2014-06-07 02:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\PjSue\AppData\Local\Temp\libeay32.dll
C:\Users\PjSue\AppData\Local\Temp\msvcr120.dll
C:\Users\PjSue\AppData\Local\Temp\sqlite3.dll
C:\Users\PjSue\AppData\Local\Temp\vcredist_x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-14 16:40
==================== End of FRST.txt ============================
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 17137836032, free: 11761565696
Downloaded database version: v2016.11.23.15
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.09.21.01
=======================================
Initializing...
------------ Kernel report ------------
11/24/2016 06:24:28
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\3153993.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\aswNetSec.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\51667601.sys
\SystemRoot\system32\DRIVERS\31539931.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\dvdfab.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd7.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\system32\DRIVERS\nvstusb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.23.15
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffdb8b2bf58060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffdb8b2befbae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdb8b2bf58060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffdb8b2ac93e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdb8b2a909330, DeviceName: \Device\00000034\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C1C3AA4D
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2431835518
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid 9110aaef-bbe7-44d6-b8f9-63917bfe795b
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2431835518
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid 9110aaef-bbe7-44d6-b8f9-63917bfe795b
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 14621d34-a6e7-4fdf-85f2-41552b7835be
FirstLBA 2048 Last LBA 411647
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2e8dfe06-9993-4e9f-affd-924cb2d3614f
FirstLBA 411648 Last LBA 673791
Attributes 0
Partition Name Microsoft reserved partition
Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 692bfeab-34d2-4520-8e86-5580c82294ec
FirstLBA 673792 Last LBA 1411744786
Attributes 0
Partition Name Basic data partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 845e1e17-6763-493d-bcd5-be7ad0adb3b
FirstLBA 1411745792 Last LBA 1412718591
Attributes 1
Partition Name
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 41912ac0-6582-40e9-bfd3-2b2bb1dfbf
FirstLBA 1412718592 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffdb8b2bf57060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffdb8b2befaae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffdb8b2bf57060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffdb8b2ad5ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffdb8b2a906060, DeviceName: \Device\00000035\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBC58B91
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616
Partition is not bootable
Partition file system is NTFS
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8\msvcp140.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8\vcruntime140.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netshell.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netshell.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RstrtMgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wups.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usoapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UPDATEPOLICY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UPDATEPOLICY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dsparse.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jsproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\opengl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\glu32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winusb.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\WPFGFX_V0300.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\WPFGFX_V0300.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECSEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECSEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PRESENTATIONNATIVE_V0300.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctfui.dll" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MrmCoreR.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gameux.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gameux.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_a338d8ea2df29efb\mfc140u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vssapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vsstrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\perfos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.XAML.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.XAML.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.CORE.TEXTINPUT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.CORE.TEXTINPUT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.IMMERSIVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.IMMERSIVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.APPLICATIONDATA.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.GLOBALIZATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.GLOBALIZATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.GRAPHICS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.GRAPHICS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THREADPOOLWINRT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THREADPOOLWINRT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.ENUMERATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.ENUMERATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\biwinrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEASSOCIATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTOWINRT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DDORes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.HOSTNAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFAULTDEVICEMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFAULTDEVICEMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wpnapps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dsclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ieproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GEOLOCATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GEOLOCATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MEDIA.DEVICES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WMVCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WMASF.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmploc.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COMPPKGSUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COMPPKGSUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
------------ Kernel report ------------
11/24/2016 07:01:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\3153993.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\aswNetSec.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\51667601.sys
\SystemRoot\system32\DRIVERS\31539931.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\dvdfab.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd7.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\system32\DRIVERS\nvstusb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
File "C:\Users\PjSue\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.11.23.15
rootkit: v2016.11.20.01
Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
PjSue :: PJANDSUSIEQ [administrator]
24/11/2016 6:24:37 AM
mbar-log-2016-11-24 (06-24-37).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 398696
Time elapsed: 1 hour(s), 4 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
I don't know why I said at boot up because that wasn't were the files were found
Here is the remaining info for LogMeIn, if you want help removing whats left let me know,
FirewallRules: [TCP Query User{DBFA4F0A-9701-4A2B-87C3-0B6AF3FDAA25}C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
C:\Users\PjSue\AppData\Local\LogMeIn Rescue Applet
C:\Users\PjSue\Downloads\Support-LogMeInRescue.exe
C:\Users\PjSue\Downloads\Support-LogMeInRescue (1).exe
C:\Users\PjSue\Downloads\Support-LogMeInRescue (2).exe
C:\Users\PjSue\AppData\Local\LogMeIn Rescue Applet
C:\Users\PjSue\Downloads\Support-LogMeInRescue.exe
C:\Users\PjSue\Downloads\Support-LogMeInRescue (1).exe
~~~~~~~~~~~~~~~~~~~~~`
I think you need to change your email passwords from a known clean computer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Running from C:\Users\PjSue\Downloads
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open [u]Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
Task: {0BC1C31D-DC09-45F3-91E9-43CE18684FE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2B4257EA-3171-4706-B156-CEDD1512D598} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {474DA740-EDDE-4F41-902D-BBC2681C5F2C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4D4C3CBA-549D-4A45-B171-64CA843874D9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5D398BA0-899C-4310-9CAE-D04145AB1924} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {71C56698-1FD8-4E39-8B91-CCFE3E4B306B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {89CB7494-AF55-43F8-BA61-6392232A7C0C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {921932E1-DDD1-4081-845A-C45B0689F6BF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {9658543B-3897-4261-928D-44D277252353} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {97A23270-CE9E-4C97-ABAA-8C76F867B1F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B869B06C-5B6A-44C9-BE86-86C55B1251A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E517D877-30E5-47E3-9CBC-EF86392C8054} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FFA30135-7B45-4653-A214-4450BEF06CF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mijlebbfndhelmdpmllgcfadlkankhok\Quick Note.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mijlebbfndhelmdpmllgcfadlkankhok
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pixlr Touch Up.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=jklljiahjgoglchglekebfljnmbaleig
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Pj - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-25538783
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25538783&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-25538783&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> No File
C:\Users\PjSue\AppData\Local\Temp\libeay32.dll
C:\Users\PjSue\AppData\Local\Temp\msvcr120.dll
C:\Users\PjSue\AppData\Local\Temp\sqlite3.dll
C:\Users\PjSue\AppData\Local\Temp\vcredist_x86.exe
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/BY4dvz9.png AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt
Ok I moved farbar to the desktop copied the fixlist to same location and ran... I changed my mail password..I didn't have any luck finding logmein where you said in order to manually delete but I did go through the downloads file and got rid of any reference to teamviewer... and I have attached the three files you requested ... again mate thanks heaps for helping me ... Midge
Let's update and run a fresh scan with Malwarebytes Anti-Malware
Open Malwarebytes Anti-Malware
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.
~~~~~
Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).
After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Please post these 2 logs when finished.
I am trying not to get too excited yet but I haven't been relisted by the CBL in over 24 hours. Here is the malwarebytes log as requested...
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 25/11/2016
Scan Time: 3:52 AM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.11.23.19
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: PjSue
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366848
Time Elapsed: 1 hr, 32 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
OK
Looking pretty good.
Only thing I think I would do next is a precautionary measure.
Reset your router (If you connect through a router)
Shut down the computer.
Turn power off to the router (Internet connection) and wait 5 minutes.
Turn the power to the router back on and wait for the lights to stop blinking.
Turn the computer back on.
~~~~~~~~~~~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
~~
Proceed with the reset once done.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
~~~
Ready to remove tools and quarantine folders?
Ok mate all good so far... I left the modem off for half an hour just to be sure... checked the IP address on Spamhaus and came up green again... Still trying not to get too excited yet but I think you are a genius and have sorted out the nightmare I have been enduring for way too long... I moved all the files and reports into a folder on the desktop for now just in case... I can't thank you enough for going out of your way and helping people like me out, the internet would be a much darker place without you... I will post again in this thread in a week or so just to confirm it's sorted... Midge
If you think your computer is being used as a spam bot again, resetting the router and changing passwords from a known clean computer is your first step in the right direction.
The tools you moved into a desktop folder do not auto update so do remember that they will need to be deleted out along with their quarantined files soon or, your antivirus is likely to pick up on those and give you another nightmare.
I'm not a genius. I follow developers (they are the geniuses) directions on how to use their tools to help clean victims machines. I do appreciate your thanks you's .
Hi Juliet sorry to report that my computer has been listed again, I got my hopes up when my email lasted 5 or 6 days.. I bought the malwarebytes paid version and also their anti exploit premium right after I emailed you last hoping that would prevent further infestations but it appears we didn't manage to remove the original one after all It is an insidious virus.. I have screen captured the page from the CBL and attached it for your info... I will understand if there is nothing further we can do ... Midge
RogueKiller Scan
Please download RogueKiller (x32) (http://download.adlice.com/api?action=download&app=roguekiller&type=x86) / RogueKiller (x64) (http://download.adlice.com/api?action=download&app=roguekiller&type=x64) and save the file to your Desktop.
Close any running programmes.
Double-click RogueKillerx64.exe to run the programme.
Follow the prompts. If a browser window opens, close the window.
In the HOME tab, click Start Scan.
Upon completion, a browser window may open. Close this window.
Please do not have RogueKiller remove any detected items.
Click the HISTORY tab, followed by Scan Reports.
Double-click the scan log, and click Open TXT.
Copy the contents of the log and paste in your next reply.
Close RogueKiller.
~~~~~~~~~~~~~~~~~~~~`
Locate Farbar Recovery Scan Tool you have along with Addition.txt and fixlist.txt
delete them please.
Now let's get an updated copy.
http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
I was running the scan for about an hour there were 11 detections then the computer restarted on its own for some reason... I am running it again then will save the file and get farbar and run it again... sorry about the delay
not a problem. Expecting some detection's, not all are or will be malicious.
I've got to call it a night here but,
follow the tips in the below link to change your IP settings.
https://support.microsoft.com/en-us/help/15089/windows-change-tcp-ip-settings
Here is the report from Roguekiller I will now do the farbar one again.... Midge
Here are the farbar files... Hopefully you see something there...
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by PjSue (29-11-2016 12:54:44)
Running from C:\Users\PjSue\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-02 01:18:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-649218570-585308798-3976316672-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-649218570-585308798-3976316672-503 - Limited - Disabled)
Guest (S-1-5-21-649218570-585308798-3976316672-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-649218570-585308798-3976316672-1003 - Limited - Enabled)
PjSue (S-1-5-21-649218570-585308798-3976316672-1001 - Administrator - Enabled) => C:\Users\PjSue
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D Vision Video Player v1.5.5a (HKLM-x32\...\3D Vision Video Player v1.5.5a) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.15.0.70 - Innovative Solutions)
Akamai NetSession Interface (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)
Angry Birds Rio (HKLM-x32\...\{B4C29016-8195-4D07-80F1-6DFB5437C0B6}) (Version: 2.2.0 - Rovio Entertainment Ltd.)
Angry Birds Seasons (HKLM-x32\...\{E52AA845-C780-4CE4-A040-840073FFA12D}) (Version: 4.1.0 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM-x32\...\{FA4E4BC2-335B-4453-A381-0D111937E748}) (Version: 2.0.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G75 Series_ENG (HKLM-x32\...\AsusScr_G75 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BurnAware Free 8.7 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.0.0 - Canon Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
CyberLink Holiday Pack Vol.6 for YouCam (HKLM-x32\...\InstallShield_{B17D6DAB-FA82-4e06-AB92-001D4F76869B}) (Version: Holiday Pack 6 for YouCam - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.2218.53 - CyberLink Corp.)
CyberLink YouCam 7 (HKLM-x32\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0824.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Dashlane) (Version: 4.6.3.20593 - Dashlane SAS)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Download App (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Download App) (Version: 1.6.6 - CBS Interactive)
DVDFab 9.2.2.8 (02/02/2016) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDFab Passkey 8.2.6.1 (15/02/2016) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.)
Elevated Installer (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Eyefi Mobi Desktop Transfer (HKLM-x32\...\{33CE49ED-5BD4-4921-AC59-29D46938693B}) (Version: 5.12.0.131 - Eye-Fi, Inc)
ffdshow v1.1.3892 [2011-06-20] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3892.0 - )
ffdshow x64 v1.3.4531 [2014-06-28] (HKLM\...\ffdshow64_is1) (Version: 1.3.4531.0 - )
Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version: - )
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.27.822 - Digital Wave Ltd)
FUJIFILM MyFinePix Studio 1.2 (HKLM-x32\...\FinePix Genie_is1) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameFast (HKLM\...\GameFast_is1) (Version: 1.0.1.1 - ASUSTEK Computer Inc)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{CF0B9EF4-0584-3F6B-A7E1-4CEEF4169895}) (Version: 66.19.16506 - Google, Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Homestead SiteBuilder (HKLM-x32\...\Homestead SiteBuilder) (Version: - Homestead)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{1F9E5C64-165D-4679-BBB3-498D216D017B}) (Version: 3.3.7 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intuit SiteBuilder (HKLM-x32\...\Intuit SiteBuilder) (Version: - Intuit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
James Cameron's AVATAR(tm): THE GAME (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Leawo Blu-ray Player version 1.9.2.3 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.9.2.3 - leawo Software)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8206 - MyHeritage.com)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA 3D Vision PowerPack - Batman Arkham Asylum (HKLM-x32\...\NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1) (Version: - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation)
NVIDIA Apollo 11 Demo (HKLM-x32\...\Apollo 11) (Version: 1.03 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Supersonic Sled demo (HKLM-x32\...\Supersonic Sled) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rotation Desktop for G Series (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.1.3.2 - ASUSTEK Computer Inc)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Stardock ObjectDock (HKLM-x32\...\Stardock ObjectDock) (Version: 2.10 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR Performance Test (HKLM-x32\...\Steam App 323910) (Version: - Valve)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
Telstra Broadband Assistant (HKLM-x32\...\Telstra-Telstra Broadband Assistant) (Version: 1.0.0.2 - Telstra Corporation Ltd.)
USB Game Controller (HKLM-x32\...\{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}) (Version: 2007.01.01 - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.522 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 5.5.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0349F974-C53F-42A0-B7C6-C1E051A1C2FA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-10-25] ()
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {0CDAD8D1-8A18-4751-B75B-EE7027F3A492} - System32\Tasks\SafeZone scheduled Autoupdate 1450422863 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {13392A0D-6B82-45EF-94B9-789390E87A92} - System32\Tasks\{07044654-8413-49E2-8B6D-1402C6941C46} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.64.102/en/go/help.faq.installer?LastError=1638
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FD31D27-985A-46D6-98D7-43A0A3C39E33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {249F3049-92CC-47E0-A6B3-110B08539307} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {251AA5FE-24B3-4BDD-9AD6-389E8572B3B4} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-11-03] (Innovative Solutions)
Task: {282E6B04-CCAE-4DDA-984A-047BFDC19649} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-06-01] ()
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A6E172C-C11E-4B99-A42B-75B97AD0D207} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {55FFF6C1-F500-404D-9B72-BB481BB67454} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-11-03] (Innovative Solutions GRUP SRL)
Task: {56BBE9CF-81A6-4840-91A7-AF777F37B745} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5728BAC6-102E-41E0-8AF0-DEAB03B6407B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-03-01] (ASUSTek Computer Inc.)
Task: {67B4A700-8DB6-4F7A-A19E-79832EBACFF7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73F72A93-B159-43E4-9638-80219DF01253} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-11-03] (Innovative Solutions)
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CD159A2-BCE1-4408-A5F3-8C7DF78950C8} - System32\Tasks\{65B901F6-56BE-46D7-B4F3-9BCE1501DB53} => C:\Users\PjSue\Desktop\nzd_Avatar_TheGame_Demo.exe
Task: {7D97DAD3-EE2F-47D0-83C4-AF75DD94F46D} - System32\Tasks\{0C994082-99C5-4969-80AE-468CF40F2A79} => pcalua.exe -a "C:\Users\PjSue\Downloads\B2CAppSetup (3).exe" -d C:\Users\PjSue\Downloads
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85928573-E9BB-490D-9FE0-B7626B2D4877} - System32\Tasks\{828D3D50-C40D-44B2-B92E-F56F6FAFC76B} => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [2012-11-26] (ASUSTek Computer Inc.)
Task: {8E68BB19-988F-46D1-B003-17B1BF33BE0E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {9FBAEDD8-F82F-4259-816F-BF14D9FCAFA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A47C0FA5-D486-468A-BD45-148563614A07} - System32\Tasks\{4551DD98-76AA-40DD-8AFD-65889EB62982} => pcalua.exe -a C:\Users\PjSue\Desktop\nzd_Avatar_TheGame_Demo.exe -d C:\Users\PjSue\Desktop
Task: {A69895A6-F111-4394-9EEF-D1F8C75724C7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29] ()
Task: {AA7EA33F-52CB-464C-8972-28616107121E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0A29273-911F-4069-9271-FF866DB5823C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {B5260A31-A79E-46E7-A2ED-E702C5DBAFBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B7B658EE-7BBF-41B8-8095-B577C8BCFEFA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {B8D1A5A8-16E1-4270-8CB6-B0FAA07A1BBB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {BAC4B78D-A096-4B9D-839B-DD125C03EEBB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-12-11] ()
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D8257178-EDBA-4396-9BB9-BE9F32524455} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F8B0EB7C-363A-403B-ABBA-F481CD8C150B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-16] (ASUS)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD102E3E-7234-41CF-88EA-4014D9FC2159} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {FE1ABE7E-7AF7-47B6-90DE-54D8AB3A2361} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AirDroid.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=hkgndiocipalkpejnpafdbdlfdjihomd
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 21:42 - 2016-07-16 21:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-03 03:35 - 2016-10-03 03:35 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 09:53 - 2016-08-01 22:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-13 13:56 - 2011-09-14 23:48 - 00083240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2014-06-07 02:50 - 2011-03-28 06:23 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2014-06-07 02:38 - 2012-02-22 05:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2016-02-23 08:21 - 2016-06-15 06:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-30 17:56 - 2016-06-15 06:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-23 08:21 - 2016-06-15 06:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-03-29 06:32 - 2016-06-15 06:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-17 16:48 - 2016-06-15 06:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2010-07-15 09:11 - 2010-07-15 09:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 06:32 - 2016-06-15 06:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-03 03:35 - 2016-10-03 03:35 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-02 11:30 - 2016-10-02 11:30 - 00959168 _____ () C:\Users\PjSue\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2016-10-03 03:35 - 2016-10-03 03:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 09:05 - 2016-11-02 20:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 09:06 - 2016-11-02 20:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-19 07:35 - 2016-11-10 23:52 - 00536960 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-11-19 04:14 - 2016-11-19 04:15 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 04:14 - 2016-11-19 04:15 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 04:14 - 2016-11-19 04:15 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-29 10:20 - 2016-11-29 10:22 - 25550920 _____ () C:\Users\PjSue\Desktop\RogueKillerX64.exe
2016-11-15 09:21 - 2016-11-09 07:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 09:21 - 2016-11-09 07:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-23 14:17 - 2016-11-23 14:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 14:17 - 2016-11-23 14:18 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 07:06 - 2016-06-04 07:07 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 14:17 - 2016-11-23 14:18 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 14:17 - 2016-11-23 14:18 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-08-30 08:53 - 2016-08-30 08:53 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-29 05:26 - 2016-11-29 05:26 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112801\algo.dll
2016-08-30 08:53 - 2016-08-30 08:53 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-07-13 13:57 - 2011-08-26 14:57 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-08-06 07:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-26 08:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-14 14:23 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2016-06-30 14:47 - 2016-11-03 11:52 - 00010792 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2015-04-29 18:57 - 2016-06-15 06:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00346496 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00441216 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00471424 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 63181696 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00292736 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 06322048 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 07602560 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.3.20593.dll
2014-03-18 05:59 - 2014-03-18 05:59 - 00091544 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
2016-08-30 08:53 - 2016-08-30 08:53 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-06 07:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-10 23:52 - 2016-11-10 23:52 - 13827456 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 02285440 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.3.20593.dll
2016-11-10 23:52 - 2016-11-10 23:52 - 00334208 _____ () C:\Users\PjSue\AppData\Roaming\Dashlane\4.6.3.20593\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.3.20593.dll
2014-06-07 02:38 - 2012-02-22 05:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04803893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04803893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2016-11-24 10:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^PjSue^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download App.lnk => C:\Windows\pss\Download App.lnk.Startup
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "YouCam Service7"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C41EF73F-4CD6-4437-A4E1-2D0B9F925019}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{36B34017-10D3-449E-9758-3EFDA041E43A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1DB8B516-B7F4-4DA0-B6D5-9B6D280B547A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{9ABFBFD0-FBBC-4871-8D37-EF68EE9369C6}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{3DE854EC-9AC6-4049-BFEB-8A24D58DD553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [{04E6B6BD-5B92-4B2E-A111-919A98AD9F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe
FirewallRules: [UDP Query User{4ECEBE5D-0939-4D3F-9FE4-7C0C836F7D2B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{50D54331-67FA-4094-A1D7-63173C73FC5B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2A1F263A-F14E-4A62-87ED-86FBA837268B}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2B773058-ED51-4EEE-9175-217D150D3617}C:\users\pjsue\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\pjsue\appdata\local\akamai\netsession_win.exe
FirewallRules: [{31A1E63C-37AC-4E67-B183-37A5E88CC141}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{CBB164DC-520E-4F53-BFFC-41D49961EF08}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{DA0354C7-8D88-403C-A657-2196EC561C48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B89BFACC-3AFA-4E00-B217-D601E1A35654}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E282CCC-98FD-4F74-BE54-22001FCABB11}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A3F98EF-042E-4F15-B711-14187BDEE32F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{D729690C-9B2E-455A-A7CE-458245F67A95}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{B707C4DC-B534-4369-8F6E-440CEB4985A4}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{155C7B04-F343-481E-BD30-4D42EF274F29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A2FE0B0-FE3B-4DB3-816D-3ACF4982D7B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E743D6EC-33B0-464C-8C71-623F5FC02C02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{01175038-361D-49C0-9D2F-D37559FF9A4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2495B37A-2C8C-4C02-8B1D-04B3F9E17EB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{494E815C-3193-4BB9-B2B2-BFF967915FDE}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe
FirewallRules: [{FAD8BF29-1269-43A2-BF09-EFE548E7A79D}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe
FirewallRules: [{30A5C969-7D46-4F94-AEB8-0DD422269E2B}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe
FirewallRules: [{BB89648D-FAE1-4DA5-9A68-E84D1393FCD7}] => (Allow) C:\Program Files (x86)\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe
FirewallRules: [{AF68B1FC-FAA1-4ED6-9457-B5EAAB466D48}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{D0F74856-E901-4016-895D-7D4745DF8F73}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{4721A28D-EC0A-450C-81B3-F6906971B0BA}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{C38BA3C8-B419-4886-BEB3-383D389A18AF}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{96BFF1FD-4115-4B89-823F-15833891C524}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5382BC6E-9B76-4C89-957A-A347095411A7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{10BE39C3-D905-438E-B67D-2C2065986DB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3ABEC66-25F7-4848-997A-C244E6C4E6CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4CD2D970-DA7C-4E8D-88D5-D48B43109195}] => (Allow) C:\Program Files (x86)\Eye-Fi\EyeFiActivation.exe
FirewallRules: [{3E15FCC3-E18D-4BAF-B62C-D3149044B758}] => (Allow) C:\Program Files (x86)\Eye-Fi\EyeFiActivation.exe
FirewallRules: [{43EE8EF2-333F-4DB1-B68F-31EA853822FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0FFA543-D295-4908-9C24-8EF3DF458231}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{C3B4FD35-93A9-409C-A181-1B1DC36A9D3D}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [TCP Query User{9EB69385-6440-4B12-A4DB-9EFAFFBEEE4E}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [UDP Query User{D17FA033-F465-4E2E-B9F5-B1B559EE5E17}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [TCP Query User{53CC592B-5419-4836-9EF6-58A3A35E6DBF}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [{5103382C-D2A6-4A0E-92D3-AA21C9A9DA9E}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{0CF15B6E-362D-42E9-AF31-DA158CD5BB2A}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{E6FC5B34-293B-4373-9D59-7335DD018368}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{D24D1F4E-6195-4FEB-908F-A32E4CEC9AA9}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{991F3469-3D6C-48D4-80DD-175C12117F06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BEF5E7F9-A221-476A-A157-4A2123A2848D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{7105D83E-D1CE-4AC8-869F-EBA65969B57F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{277743C2-EBCA-4149-AFA1-708509A43C62}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F9AF2FD8-482D-4AC3-9513-B034957B1E2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A10357A8-7865-42B9-A4EA-3056C5D0F8A6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1E1EAB8F-D73F-439D-98AA-0131088A7E86}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{871FB14F-4A51-42C4-A4AE-D966E6235101}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{26202750-7497-4E4D-B8AF-161595F22DD2}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{5BC1ACD0-A3C0-4C3E-8D01-7B2A34B829B2}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{8FE60985-F127-4020-8831-9D14D016E847}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{9C61811D-0D75-4CFC-8E61-C44487A11D72}] => (Allow) C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe
FirewallRules: [{8A271A3B-0E1F-46D1-8DFD-FA58E7083A5F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{06A4F1F3-A24F-4355-893C-8159A3DF3EC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9B6BDE1-D1AC-422E-9A58-1EDA1C100B95}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{734DB897-2EBC-47ED-A4ED-F8EC4B057DD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{793E044F-C114-49F9-B10D-44A4C723DDA1}] => (Allow) C:\Users\PjSue\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{AAC028BB-2DC1-4414-8101-ADB650C1EE26}] => (Allow) C:\Users\PjSue\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{A576AC58-9D1C-4D3F-A198-14EB093D689D}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{309AE277-27DD-4550-B888-0D3307637D78}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D9E5D18F-71E4-4D75-8806-85281ED2421F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{EE5B9511-2EA7-4CB1-842D-1A20BCA979CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29468B25-B9C2-4AE1-B4F0-FFEFDD48F97F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44A94B10-F5D5-4969-99CA-8D975ABD3AA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F0ABFD6-5A61-4BBE-8AB1-2E5541F6A9B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1809A19-DB6A-41B5-B573-82224E54C529}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\MovieModule.exe
FirewallRules: [{16219ED4-30C3-41EA-A19A-72808ED33722}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
FirewallRules: [{6A5A0031-63EF-40FA-B6D5-6EBF77BF0DDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
FirewallRules: [{CBAE941D-3E81-459E-8F00-442C232FAF79}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe
FirewallRules: [{A63D13D2-6668-4807-B0F4-BF6D47697AF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe
FirewallRules: [{C133311E-7788-4DAA-85B6-A751223B174A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{F08F3B3F-506B-482C-92BF-14A517A2713D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{75445921-F43D-4C9F-BA92-9850B532672A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0F9948C9-95C0-471B-A0CA-9E1FB493D93B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5FAEA3D0-04C4-48D8-B56A-804C62FC48FA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{739D8E39-AC66-4445-A1F3-2F2365EF372A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{12B16596-73B6-4E60-B731-1DD065A9719C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D6FE0EBA-88A3-4C70-9983-045FA617FF33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}] => (Allow) LPort=1900
FirewallRules: [{5A91AC63-3975-4121-8662-306E9525B30E}] => (Allow) LPort=2869
FirewallRules: [{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{49868BF0-D3D6-4970-91EB-44579779DCDF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{7A97418A-E174-4B18-A490-D704C3CB3ADC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{94366B90-A943-4C73-B429-AD2070EA6575}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{2DBF4837-2596-4CBC-A83F-23A74D76E1CD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{F538A120-6245-4847-9A74-28153B9BACCB}] => (Allow) C:\Program Files (x86)\EyeFiReceiver.exe
FirewallRules: [{35925D60-1A08-4232-9D49-E03D55D01C1A}] => (Allow) C:\Program Files (x86)\EyeFiReceiver.exe
FirewallRules: [TCP Query User{DBFA4F0A-9701-4A2B-87C3-0B6AF3FDAA25}C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{B68E4E47-6D95-4CC9-913A-859A0BBB5143}C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\pjsue\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{75843653-672A-42B0-ABFF-E08556314C1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
09-11-2016 09:42:47 Windows Update
16-11-2016 17:49:13 Scheduled Checkpoint
24-11-2016 10:40:09 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2016 12:47:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (11/29/2016 12:47:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (11/29/2016 12:46:38 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (11/29/2016 12:46:38 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (11/29/2016 11:34:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PJANDSUSIEQ)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/29/2016 05:25:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PJANDSUSIEQ)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
System errors:
=============
Error: (11/29/2016 11:43:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2016 11:34:26 AM) (Source: DCOM) (EventID: 10001) (User: PJANDSUSIEQ)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
Error: (11/29/2016 11:30:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2016 11:30:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2016 11:29:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/29/2016 11:29:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.
Error: (11/29/2016 11:29:05 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80068d715b0, 0xffff9b81d8d2f378, 0xffff9b81d8d2eba0). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 57debbba-4bf8-4003-bd13-edfe834bb0ab.
Error: (11/29/2016 11:28:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/29/2016 11:28:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.
Error: (11/29/2016 11:28:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DigitalWave.Update.Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
CodeIntegrity:
===================================
Date: 2016-11-29 04:20:00.450
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-29 04:20:00.441
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-29 04:20:00.435
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-28 04:21:13.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-28 04:21:13.020
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-28 04:21:13.014
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-27 05:37:55.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-27 05:37:55.586
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-27 05:37:55.582
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-26 05:35:40.383
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(10270).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 16343.91 MB
Available physical RAM: 9280 MB
Total Virtual: 24517.91 MB
Available Virtual: 17198.59 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:672.85 GB) (Free:355.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:468.62 GB) NTFS
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by PjSue (administrator) on PJANDSUSIEQ (29-11-2016 12:52:56)
Running from C:\Users\PjSue\Desktop
Loaded Profiles: PjSue (Available Profiles: PjSue & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dashlane, Inc.) C:\Users\PjSue\AppData\Roaming\Dashlane\Dashlane.exe
(Akamai Technologies, Inc.) C:\Users\PjSue\AppData\Local\Akamai\netsession_win.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Akamai Technologies, Inc.) C:\Users\PjSue\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\PjSue\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
() C:\Users\PjSue\Desktop\RogueKillerX64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-30] (Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [McDiags AutoLaunch] => 0
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-18] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [20161125] => "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\f97878cc-787a-4de0-89c0-253160af29ad\16f8ca7e-6758-4efd-83f3-0ddd4dc72842.dll",_stage2@16
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Run: [Dashlane] => C:\Users\PjSue\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-11-10] (Dashlane, Inc.)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\...\Run: [Akamai NetSession Interface] => C:\Users\PjSue\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
Startup: C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2014-07-06]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{80a1a3b3-626c-4281-b413-fc9c763de47e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{86b20717-4af5-419c-a578-aceb7b6b6ed1}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKU\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\PjSue\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-11-10] (Dashlane, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: captaincook2@bigpond.com
FF ProfilePath: C:\Users\PjSue\AppData\Roaming\Philips-Songbird\Profiles\pr6lrskw.default [2015-04-30]
FF NetworkProxy: Philips-Songbird\Profiles\pr6lrskw.default -> no_proxies_on", "127.0.0.1;localhost"
FF NetworkProxy: Philips-Songbird\Profiles\pr6lrskw.default -> type", 4
FF Extension: (Artwork Extras) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (CD Rip Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Concerts) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (AAC Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MP3 Encoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (File association) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [2015-03-09] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (mashTape) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MSC Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (MTP Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Philips addon manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Branding) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [2015-03-09] [not signed]
FF Extension: (LikeMusic) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2015-03-09] [not signed]
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2015-03-09] [not signed]
FF Extension: (Philips auto msc-mtp switch) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Promotions) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2015-03-09] [not signed]
FF Extension: (Philips Skin) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [2015-03-09] [not signed]
FF Extension: (Philips UI) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [2015-03-09] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Media Sharing) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2015-03-09] [not signed]
FF Extension: (Windows Media Playback) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [2015-03-09] [not signed]
FF ProfilePath: C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default [2016-11-29]
FF NewTab: Mozilla\Firefox\Profiles\9bazgagd.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9bazgagd.default -> Search Provided by Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\9bazgagd.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9bazgagd.default -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\9bazgagd.default -> hxxps://www.facebook.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\9bazgagd.default -> hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Extension: (Test Pilot) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\@testpilot-addon.xpi [2016-11-24]
FF Extension: (Youtube to MP3 Converter Free) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\@youtubemp3free.xpi [2016-06-26]
FF Extension: (Click&Clean) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\clickclean@hotcleaner.com [2016-04-28]
FF Extension: (YouTube mp3) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\info@youtube-mp3.org.xpi [2016-04-28]
FF Extension: (Dashlane) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-23]
FF Extension: (YouTube™ Flash® Player) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-11-03]
FF Extension: (Page Shot) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\jid1-NeEaf3sAHdKHPA@jetpack.xpi [2016-11-24]
FF Extension: (S3.Google Translator) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\s3google@translator.xpi [2016-10-19]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2016-06-18]
FF Extension: (AniWeather) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2016-04-28]
FF Extension: (YouTube High Definition) - C:\Users\PjSue\AppData\Roaming\Mozilla\Firefox\Profiles\9bazgagd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-11-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [youcam@cyberlink.com] - C:\Program Files (x86)\CyberLink\YouCam7\BrowserExtension\Firefox
FF Extension: (CyberLink YouCam WebLogin) - C:\Program Files (x86)\CyberLink\YouCam7\BrowserExtension\Firefox [2015-08-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.0.2\ma\bin\npMotive.dll [2014-04-23] (Telstra Corporation Ltd.)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-04-23] (Telstra Corporation Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxps://www.google.com.au/
CHR StartupUrls: Profile 3 -> "hxxps://www.facebook.com/"
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Currency Converter) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2016-08-28]
CHR Extension: (Webcam Toy) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-08-28]
CHR Extension: (Google Maps) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-28]
CHR Extension: (WGT Golf Game) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2016-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR Extension: (My Chrome Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-08-28]
CHR Extension: (Red Bull TV) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2016-08-28]
CHR Extension: (Click&Clean App) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-11-24]
CHR Extension: (Radio) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2016-09-28]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-09-28]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aomjekmpappghadlogpigifkghlmebjk [2016-09-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-09-28]
CHR Extension: (My IP address) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2016-09-28]
CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dappigdjllcnkkoacaoolciaolaaiemb [2016-09-28]
CHR Extension: (WGT Golf Challenge) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2016-09-28]
CHR Extension: (Calculator) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-09-28]
CHR Extension: (PicMonkey Extension) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2016-09-28]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2016-09-28]
CHR Extension: (Fun with Anatomy: 3D Skeletal Edition) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\edaipbgjneincgihdfdbmjfeobinapea [2016-09-28]
CHR Extension: (Photovisi - Photo Collage Maker) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\emkkfkcbnpdnhgeolpbggbdogfngiadf [2016-09-28]
CHR Extension: (Dashlane) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-09-28]
CHR Extension: (PicMonkey) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-09-28]
CHR Extension: (Full Screen Weather) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-09-28]
CHR Extension: (Coloring Pages) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\foniidelkdlapcpngdpcchdemnemdbnf [2016-09-28]
CHR Extension: (365Scores) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gocaejggjgdmkhmbinicknpbhagkblop [2016-09-28]
CHR Extension: (Flixster) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2016-09-28]
CHR Extension: (Pixlr Express) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-09-28]
CHR Extension: (MotorAuthority in Pictures) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iejnbmehnhkijljppacclfbmkncnaekh [2016-09-28]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-09-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2016-09-28]
CHR Extension: (Pixlr Touch Up) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jklljiahjgoglchglekebfljnmbaleig [2016-09-28]
CHR Extension: (Build with Chrome) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2016-09-28]
CHR Extension: (Currency Converter) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2016-09-28]
CHR Extension: (Webcam Toy) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-09-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-27]
CHR Extension: (Google Maps) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-09-28]
CHR Extension: (WGT Golf Game) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (My Chrome Theme) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-28]
CHR Extension: (Red Bull TV) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pbalkogcfbpplioohgihkidalmomblfc [2016-09-28]
CHR Extension: (Click&Clean App) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-27]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-11-29]
CHR Extension: (Google Docs) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Jigsaw Puzzles) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bjfjbbggnhfffnobladegogdkdjheibb [2016-09-28]
CHR Extension: (Honey) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-11-27]
CHR Extension: (Pushbullet) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-28]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-11-21]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2016-09-28]
CHR Extension: (Pixlr-o-matic) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2016-09-28]
CHR Extension: (Google Calendar) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-28]
CHR Extension: (Dashlane) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-09-28]
CHR Extension: (AirDroid) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-11-29]
CHR Extension: (Google Forms) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2016-09-28]
CHR Extension: (Momentum) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-11-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-28]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR Profile: C:\Users\PjSue\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-24]
CHR HKU\S-1-5-21-649218570-585308798-3976316672-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-30] (AVAST Software)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-09-14] ()
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-10-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-10-12] (CyberLink)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-08-24] (Digital Wave Ltd.)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-21] (ASUSTek Computer Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616 2016-10-25] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-23] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-23] (Alcatel-Lucent) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-30] (Atheros) [File not signed]
S2 BlinkRM; "C:\Program Files (x86)\eEye Digital Security\Blink\blinkrm.exe" [X]
S2 blinksvc; "C:\Program Files (x86)\eEye Digital Security\Blink\blinksvc.exe" [X]
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-03-01] (ASUSTek Computer Inc.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-24] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
R1 de_cleaner_kasperskydrv; C:\WINDOWS\System32\DRIVERS\3153993.sys [352784 2009-10-09] (Kaspersky Lab)
R3 dvdfab; C:\WINDOWS\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-11-29] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-16] (CyberLink Corp.)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-29 12:52 - 2016-11-29 12:54 - 00041878 _____ C:\Users\PjSue\Desktop\FRST.txt
2016-11-29 12:50 - 2016-11-29 12:52 - 02411520 _____ (Farbar) C:\Users\PjSue\Desktop\FRST64.exe
2016-11-29 12:48 - 2016-11-29 12:48 - 00009504 _____ C:\Users\PjSue\Desktop\rk_F0D5.tmp.txt
2016-11-29 12:48 - 2016-11-29 12:48 - 00009502 _____ C:\Users\PjSue\Desktop\Roguekiller.txt
2016-11-29 11:27 - 2016-11-29 11:29 - 00542212 _____ C:\WINDOWS\Minidump\112916-44359-01.dmp
2016-11-29 10:22 - 2016-11-29 11:37 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-11-29 10:22 - 2016-11-29 10:22 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-29 10:20 - 2016-11-29 10:22 - 25550920 _____ C:\Users\PjSue\Desktop\RogueKillerX64.exe
2016-11-28 15:27 - 2016-11-28 15:29 - 00541908 _____ C:\WINDOWS\Minidump\112816-56578-01.dmp
2016-11-25 17:40 - 2016-11-25 17:42 - 00542116 _____ C:\WINDOWS\Minidump\112516-42703-01.dmp
2016-11-25 05:53 - 2016-11-25 06:15 - 00000000 ____D C:\EEK
2016-11-25 05:43 - 2016-11-25 05:53 - 254461872 _____ C:\Users\PjSue\Downloads\EmsisoftEmergencyKit.exe
2016-11-24 18:07 - 2016-11-24 18:10 - 00542236 _____ C:\WINDOWS\Minidump\112416-35078-01.dmp
2016-11-24 10:28 - 2016-11-24 10:28 - 03910208 _____ C:\Users\PjSue\Downloads\AdwCleaner (1).exe
2016-11-24 10:25 - 2016-11-24 10:39 - 01631928 _____ (Malwarebytes) C:\Users\PjSue\Downloads\JRT.exe
2016-11-24 06:24 - 2016-11-24 07:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-24 06:22 - 2016-11-24 06:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PjSue\Downloads\mbar-1.09.3.1001.exe
2016-11-23 13:34 - 2016-11-23 13:36 - 00081788 _____ C:\Users\PjSue\Downloads\Addition.txt
2016-11-23 13:33 - 2016-11-29 12:52 - 00000000 ____D C:\FRST
2016-11-23 13:22 - 2016-11-23 13:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-11-23 13:21 - 2016-11-23 13:21 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PJANDSUSIEQ-Windows-10-Home-(64-bit).dat
2016-11-23 13:21 - 2016-11-23 13:21 - 00000000 ____D C:\RegBackup
2016-11-23 13:19 - 2016-11-23 13:19 - 03449206 _____ C:\Users\PjSue\Downloads\tweaking.com_registry_backup_portable.zip
2016-11-23 10:55 - 2016-11-23 11:00 - 102896472 _____ (Kaspersky Lab ZAO) C:\Users\PjSue\Downloads\KVRT.exe
2016-11-23 10:37 - 2016-11-23 10:48 - 00038690 _____ C:\WINDOWS\ntbtlog.txt
2016-11-23 10:34 - 2016-11-23 10:35 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (5).exe
2016-11-23 06:16 - 2016-11-23 06:17 - 00000000 ____D C:\Users\PjSue\Desktop\Mums Trip
2016-11-23 06:15 - 2016-11-29 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-23 06:15 - 2016-11-23 06:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-23 06:15 - 2016-11-23 06:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-23 06:14 - 2016-11-23 06:14 - 01888264 _____ (Malwarebytes ) C:\Users\PjSue\Downloads\mbae-setup-1.09.1.1261.exe
2016-11-23 04:10 - 2016-11-23 04:12 - 00541852 _____ C:\WINDOWS\Minidump\112316-41625-01.dmp
2016-11-22 17:15 - 2016-11-22 17:15 - 00009915 _____ C:\Users\PjSue\Downloads\Payslip_20161120_64001201.PDF
2016-11-22 15:36 - 2016-11-22 15:38 - 00542124 _____ C:\WINDOWS\Minidump\112216-43609-01.dmp
2016-11-21 19:02 - 2016-11-21 19:02 - 00000168 _____ C:\Users\PjSue\Downloads\ATT00002.htm
2016-11-21 18:45 - 2016-11-21 18:47 - 00542228 _____ C:\WINDOWS\Minidump\112116-35609-01.dmp
2016-11-21 15:55 - 2016-11-21 15:55 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (4).exe
2016-11-21 12:31 - 2016-11-21 12:36 - 00542180 _____ C:\WINDOWS\Minidump\112116-52453-01.dmp
2016-11-21 10:59 - 2016-11-29 11:27 - 1647126620 _____ C:\WINDOWS\MEMORY.DMP
2016-11-21 10:59 - 2016-11-29 11:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-21 10:59 - 2016-11-21 11:00 - 00541932 _____ C:\WINDOWS\Minidump\112116-40468-01.dmp
2016-11-19 12:06 - 2016-11-29 04:23 - 00000000 ____D C:\Users\PjSue\AppData\LocalLow\Mozilla
2016-11-19 12:06 - 2016-11-21 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 17:37 - 2016-11-15 17:38 - 10758584 _____ (Adobe Systems Inc.) C:\Users\PjSue\Downloads\AdobeAIRInstaller (1).exe
2016-11-15 17:31 - 2016-11-15 17:31 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-11-13 08:31 - 2016-11-13 08:31 - 00000331 _____ C:\Users\PjSue\AppData\Local\LMIR0001.tmp_r.bat
2016-11-12 15:46 - 2016-11-12 15:46 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (4)
2016-11-12 15:37 - 2016-11-12 15:37 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (3)
2016-11-12 15:36 - 2016-11-12 15:36 - 03601560 _____ C:\Users\PjSue\Downloads\Part 1 (2)
2016-11-12 15:35 - 2016-11-12 15:35 - 00573873 _____ C:\Users\PjSue\Downloads\Part 1 (1)
2016-11-12 15:34 - 2016-11-12 15:34 - 00573873 _____ C:\Users\PjSue\Downloads\Part 1
2016-11-09 09:06 - 2016-11-02 22:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 09:06 - 2016-11-02 22:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 09:06 - 2016-11-02 21:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 09:06 - 2016-11-02 21:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 09:06 - 2016-11-02 21:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 09:06 - 2016-11-02 21:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 09:06 - 2016-11-02 21:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 09:06 - 2016-11-02 21:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 09:06 - 2016-11-02 21:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 09:06 - 2016-11-02 21:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 09:06 - 2016-11-02 21:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 09:06 - 2016-11-02 21:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 09:06 - 2016-11-02 21:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 09:06 - 2016-11-02 21:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 09:06 - 2016-11-02 21:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 09:06 - 2016-11-02 21:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 09:06 - 2016-11-02 21:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 09:06 - 2016-11-02 21:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 09:06 - 2016-11-02 21:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 09:06 - 2016-11-02 21:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 09:06 - 2016-11-02 21:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 09:06 - 2016-11-02 21:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 09:06 - 2016-11-02 21:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 09:06 - 2016-11-02 20:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 09:06 - 2016-11-02 20:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 09:06 - 2016-11-02 20:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 09:06 - 2016-11-02 20:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 09:06 - 2016-11-02 20:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 09:06 - 2016-11-02 20:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 09:06 - 2016-11-02 20:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 09:06 - 2016-11-02 20:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 09:06 - 2016-11-02 20:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 09:06 - 2016-11-02 20:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 09:06 - 2016-11-02 20:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 09:06 - 2016-11-02 20:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 09:06 - 2016-11-02 20:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 09:06 - 2016-11-02 20:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 09:06 - 2016-11-02 20:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 09:06 - 2016-11-02 20:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 09:06 - 2016-11-02 20:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 09:06 - 2016-11-02 20:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 09:06 - 2016-11-02 20:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 09:06 - 2016-11-02 20:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 09:06 - 2016-11-02 20:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 09:06 - 2016-11-02 20:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 09:06 - 2016-11-02 20:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 09:06 - 2016-11-02 20:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 09:06 - 2016-11-02 20:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 09:06 - 2016-11-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 09:06 - 2016-11-02 20:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 09:06 - 2016-11-02 20:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 09:06 - 2016-11-02 20:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 09:06 - 2016-11-02 20:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 09:06 - 2016-11-02 20:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 09:06 - 2016-11-02 20:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 09:06 - 2016-11-02 20:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 09:06 - 2016-11-02 20:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 09:06 - 2016-11-02 20:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 09:06 - 2016-11-02 20:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 09:06 - 2016-11-02 20:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 09:06 - 2016-11-02 20:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 09:06 - 2016-11-02 20:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 09:06 - 2016-11-02 20:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 09:06 - 2016-11-02 20:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 09:06 - 2016-11-02 20:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 09:06 - 2016-11-02 20:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 09:06 - 2016-11-02 20:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 09:06 - 2016-11-02 20:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 09:06 - 2016-11-02 20:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 09:06 - 2016-11-02 20:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 09:06 - 2016-11-02 20:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 09:06 - 2016-11-02 20:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 09:06 - 2016-11-02 18:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 09:05 - 2016-11-02 21:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 09:05 - 2016-11-02 21:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 09:05 - 2016-11-02 21:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 09:05 - 2016-11-02 21:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 09:05 - 2016-11-02 21:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 09:05 - 2016-11-02 21:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 09:05 - 2016-11-02 21:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 09:05 - 2016-11-02 21:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 09:05 - 2016-11-02 21:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 09:05 - 2016-11-02 21:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 09:05 - 2016-11-02 21:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 09:05 - 2016-11-02 21:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 09:05 - 2016-11-02 21:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 09:05 - 2016-11-02 21:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 09:05 - 2016-11-02 21:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 09:05 - 2016-11-02 21:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 09:05 - 2016-11-02 21:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 09:05 - 2016-11-02 21:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 09:05 - 2016-11-02 20:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 09:05 - 2016-11-02 20:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 09:05 - 2016-11-02 20:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 09:05 - 2016-11-02 20:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 09:05 - 2016-11-02 20:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 09:05 - 2016-11-02 20:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 09:05 - 2016-11-02 20:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 09:05 - 2016-11-02 20:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 09:05 - 2016-11-02 20:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 09:05 - 2016-11-02 20:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 09:05 - 2016-11-02 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 09:05 - 2016-11-02 20:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 09:05 - 2016-11-02 20:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 09:05 - 2016-11-02 20:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 09:05 - 2016-11-02 20:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 09:05 - 2016-11-02 20:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 09:05 - 2016-11-02 20:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 09:05 - 2016-11-02 20:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 09:05 - 2016-11-02 20:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 09:05 - 2016-11-02 20:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 09:05 - 2016-11-02 20:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 09:05 - 2016-11-02 20:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 09:05 - 2016-11-02 20:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 09:05 - 2016-11-02 20:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 09:05 - 2016-11-02 20:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 09:05 - 2016-11-02 20:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 09:05 - 2016-11-02 20:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 09:05 - 2016-11-02 20:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 09:05 - 2016-11-02 20:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 09:05 - 2016-11-02 20:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 09:05 - 2016-11-02 20:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 09:05 - 2016-11-02 20:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 09:05 - 2016-11-02 20:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 09:05 - 2016-11-02 20:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 09:05 - 2016-11-02 20:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 09:05 - 2016-11-02 20:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 09:05 - 2016-11-02 20:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 09:05 - 2016-11-02 20:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 09:05 - 2016-11-02 20:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 09:05 - 2016-11-02 20:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 09:05 - 2016-11-02 20:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 09:05 - 2016-11-02 20:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 09:05 - 2016-11-02 20:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 09:05 - 2016-11-02 20:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 09:05 - 2016-11-02 20:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 09:05 - 2016-11-02 20:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 09:05 - 2016-11-02 20:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 09:05 - 2016-11-02 20:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 09:05 - 2016-11-02 19:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 09:05 - 2016-11-02 19:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 09:05 - 2016-08-02 14:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 09:03 - 2016-11-09 09:03 - 03910208 _____ C:\Users\PjSue\Downloads\adwcleaner_6.030.exe
2016-11-09 07:35 - 2016-11-13 08:31 - 00000000 ____D C:\Users\PjSue\AppData\Local\LogMeIn Rescue Applet
2016-11-08 07:07 - 2016-11-08 07:07 - 01165622 _____ C:\Users\PjSue\Downloads\1195872174.pdf
2016-11-08 07:06 - 2016-11-08 07:06 - 01164930 _____ C:\Users\PjSue\Downloads\1187900857.pdf
2016-11-07 17:23 - 2016-11-07 17:23 - 00927623 _____ C:\Users\PjSue\Downloads\06 - Summer 2016.pdf
2016-11-05 04:16 - 2016-11-05 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-04 09:51 - 2016-11-04 09:51 - 03423928 _____ (Symantec Corporation) C:\Users\PjSue\Downloads\NPE (3).exe
2016-11-04 06:52 - 2016-11-04 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-11-04 06:51 - 2016-11-04 06:52 - 10380544 _____ (Innovative Solutions ) C:\Users\PjSue\Downloads\Advanced_Uninstaller12_15_CNet.exe
2016-11-04 06:12 - 2016-11-04 06:12 - 10397064 _____ (MyTurboPC.com) C:\Users\PjSue\Downloads\Myturbopc_B0DE9D15-8BA4-4FF4-9F2E-AF8ED9F524C1_.exe
2016-11-02 18:59 - 2016-11-02 18:59 - 02226110 _____ C:\Users\PjSue\Downloads\Policy renewal (1).pdf
2016-11-02 18:59 - 2016-11-02 18:59 - 00100141 _____ C:\Users\PjSue\Downloads\Coles FSG 2016.pdf
2016-11-02 18:58 - 2016-11-02 18:58 - 00297172 _____ C:\Users\PjSue\Downloads\Coles Motor PDS 0216.pdf
2016-11-01 15:44 - 2016-11-01 15:44 - 02226110 _____ C:\Users\PjSue\Downloads\Policy renewal.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-29 12:46 - 2009-07-14 13:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-29 12:02 - 2014-08-13 16:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-29 11:59 - 2016-10-02 09:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-29 11:30 - 2015-07-30 22:36 - 00000000 ____D C:\Users\PjSue\AppData\Local\HTC MediaHub
2016-11-29 11:27 - 2016-10-02 10:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-29 11:27 - 2016-10-02 09:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-28 15:42 - 2016-10-02 10:00 - 00000000 ____D C:\Users\PjSue
2016-11-28 09:41 - 2015-08-24 12:28 - 00000000 ____D C:\Users\PjSue\Desktop\Asstd Funnies
2016-11-27 06:39 - 2016-10-03 03:43 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-27 06:39 - 2016-07-16 16:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-11-27 05:58 - 2015-02-06 14:30 - 00000000 ____D C:\Program Files\CamStudio 2.7
2016-11-24 18:16 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-24 10:32 - 2013-11-14 07:34 - 00000000 ____D C:\AdwCleaner
2016-11-24 10:12 - 2016-06-08 10:13 - 00000000 ____D C:\Users\PjSue\AppData\LocalLow\Temp
2016-11-24 10:08 - 2016-09-28 17:37 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-24 09:50 - 2014-06-26 17:43 - 00000000 ____D C:\Users\PjSue\AppData\Local\CrashDumps
2016-11-24 06:53 - 2015-08-24 12:23 - 00000000 ____D C:\Users\PjSue\Desktop\Political Funnies
2016-11-24 06:23 - 2014-08-13 16:01 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-24 06:15 - 2016-10-02 10:59 - 00004030 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2016-11-23 14:19 - 2016-07-16 21:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-23 11:44 - 2016-08-06 07:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-11-23 10:50 - 2016-10-02 09:45 - 00276632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-23 10:45 - 2016-01-05 16:58 - 00000000 ____D C:\Users\PjSue\AppData\Local\NPE
2016-11-23 10:37 - 2016-08-29 08:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-23 10:37 - 2016-01-05 17:01 - 00000000 ____D C:\NPE
2016-11-23 07:29 - 2014-07-11 17:54 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Skype
2016-11-23 07:01 - 2016-01-05 15:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 07:01 - 2014-07-11 17:54 - 00000000 ____D C:\ProgramData\Skype
2016-11-21 11:37 - 2015-08-24 12:32 - 00000000 ____D C:\Users\PjSue\Desktop\Website Stuff
2016-11-21 11:03 - 2016-07-16 21:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-21 11:01 - 2016-07-16 16:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-21 10:59 - 2014-06-26 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-21 08:25 - 2014-07-14 16:14 - 00000000 ___HD C:\Users\PjSue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2016-11-21 08:09 - 2014-03-17 15:47 - 00000000 ____D C:\Users\PjSue\Documents\34th Database
2016-11-20 14:23 - 2015-11-09 05:36 - 00000000 ____D C:\Users\PjSue\Desktop\Work memes
2016-11-19 12:06 - 2016-09-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2016-11-18 03:50 - 2014-06-26 17:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-17 09:20 - 2015-08-19 07:33 - 00000000 ____D C:\Users\PjSue\AppData\Roaming\Dashlane
2016-11-15 17:31 - 2016-10-02 10:00 - 00000000 ____D C:\Users\DefaultAppPool
2016-11-15 09:21 - 2014-07-12 11:29 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-12 15:51 - 2016-10-26 17:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-12 15:45 - 2014-08-17 17:27 - 00000000 ____D C:\Users\PjSue\AppData\Local\Adobe
2016-11-11 17:52 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 10:01 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-10 10:01 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-09 10:33 - 2015-03-24 13:27 - 00000000 ____D C:\Users\PjSue\AppData\Local\Eye-Fi
2016-11-09 10:31 - 2015-09-10 15:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 10:19 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 10:16 - 2015-08-24 15:11 - 00000000 ____D C:\Users\PjSue\Desktop\Print
2016-11-09 10:15 - 2016-07-16 21:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 10:06 - 2014-06-27 17:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 09:46 - 2014-06-27 17:51 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 07:57 - 2016-10-02 10:59 - 00003820 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2016-11-09 07:54 - 2016-10-02 09:58 - 01121942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-09 07:50 - 2014-06-26 16:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-09 07:49 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-11-09 06:06 - 2016-10-02 10:59 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 14:49 - 2016-01-05 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-06 15:33 - 2016-10-09 14:55 - 00010054 _____ C:\WINDOWS\SysWOW64\test.bmp
2016-11-06 05:23 - 2015-08-24 12:23 - 00000000 ____D C:\Users\PjSue\Desktop\Muslim Funnies
2016-11-05 04:17 - 2014-07-28 16:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-05 04:16 - 2016-10-02 10:59 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-11-05 04:16 - 2014-07-28 16:08 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-04 06:52 - 2016-06-30 14:47 - 00001600 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-11-03 06:53 - 2014-06-28 07:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-30 09:07 - 2014-06-26 16:48 - 00000000 ____D C:\Users\PjSue\AppData\Local\Google
==================== Files in the root of some directories =======
2014-07-13 12:14 - 2014-01-03 16:38 - 8322294 _____ () C:\Program Files (x86)\avcodec-54.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0944215 _____ () C:\Program Files (x86)\avfilter-3.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 1869401 _____ () C:\Program Files (x86)\avformat-54.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0355201 _____ () C:\Program Files (x86)\avutil-52.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0250316 _____ () C:\Program Files (x86)\bsptp.lib
2016-10-26 12:13 - 2016-10-26 12:13 - 0035088 _____ () C:\Program Files (x86)\bsptpWrapper.dll
2014-07-13 12:14 - 2014-03-20 15:07 - 0038810 _____ () C:\Program Files (x86)\Changes.txt
2014-07-13 12:14 - 2013-03-04 09:57 - 2632898 _____ () C:\Program Files (x86)\codecs.dll
2014-07-13 12:14 - 2012-07-04 19:16 - 0021547 _____ () C:\Program Files (x86)\Commandline.txt
2014-07-13 12:14 - 2014-03-06 15:24 - 0067657 _____ () C:\Program Files (x86)\config.xml
2016-10-26 12:13 - 2016-10-26 12:13 - 0029456 _____ () C:\Program Files (x86)\ConfigData.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0078336 _____ (Fengtao Software Inc.) C:\Program Files (x86)\CrashRpt.dll
2014-07-13 12:14 - 2013-09-06 15:51 - 2106216 _____ (Microsoft Corporation) C:\Program Files (x86)\D3DCompiler_43.dll
2014-07-13 12:14 - 2013-11-23 16:25 - 0348504 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dref9.dll
2014-07-13 12:14 - 2013-03-29 11:23 - 1998168 _____ (Microsoft Corporation) C:\Program Files (x86)\D3DX9_43.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0640000 _____ (Microsoft Corporation) C:\Program Files (x86)\dbghelp.dll
2014-07-13 12:14 - 2012-11-25 19:12 - 0000048 _____ () C:\Program Files (x86)\DVDFab Passkey.url
2014-07-13 12:14 - 2013-10-08 16:57 - 0006086 _____ () C:\Program Files (x86)\dvdfab.crt
2014-07-13 12:14 - 2014-03-20 18:14 - 11888672 _____ (Fengtao Software Inc.) C:\Program Files (x86)\DVDFab.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 1157730 _____ () C:\Program Files (x86)\DVDFab.rcc
2014-07-13 12:14 - 2014-03-26 19:19 - 0000047 _____ () C:\Program Files (x86)\DVDFab.url
2014-07-13 12:14 - 2012-11-24 17:50 - 1394552 _____ (Fengtao Software Inc.) C:\Program Files (x86)\DVDFabPasskey.exe
2014-07-13 12:14 - 2013-03-04 09:57 - 0042664 _____ () C:\Program Files (x86)\error.wav
2016-10-26 12:13 - 2016-10-26 12:13 - 0049920 _____ () C:\Program Files (x86)\EyeFiCard.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0021264 _____ () C:\Program Files (x86)\EyeFiCardCommon.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0065280 _____ () C:\Program Files (x86)\EyeFiCloud.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0943392 _____ () C:\Program Files (x86)\EyeFiLauncher.exe
2016-10-26 12:13 - 2016-10-26 12:13 - 5227808 _____ () C:\Program Files (x86)\EyeFiReceiver.exe
2016-10-26 12:12 - 2016-10-26 12:12 - 0001506 _____ () C:\Program Files (x86)\EyeFiReceiver.exe.config
2014-07-13 12:14 - 2014-03-12 17:53 - 0373792 _____ () C:\Program Files (x86)\FabCheck.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 0184352 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabCopy.exe
2014-07-13 12:14 - 2014-03-12 17:54 - 0542240 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabCore.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 0149024 _____ () C:\Program Files (x86)\FabRegOp.exe
2014-07-13 12:14 - 2014-03-14 11:46 - 1553440 _____ () C:\Program Files (x86)\FabReport.exe
2014-07-13 12:14 - 2014-03-12 17:53 - 1958432 _____ (Fengtao Software Inc.) C:\Program Files (x86)\FabUpdate.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 0326395 _____ () C:\Program Files (x86)\FileMove.rcc
2014-07-13 12:14 - 2014-03-12 17:53 - 1206816 _____ () C:\Program Files (x86)\FileMover.exe
2014-07-13 12:14 - 2013-04-12 14:05 - 0030473 _____ () C:\Program Files (x86)\FileMove_AnimationSetting.txt
2014-07-13 12:14 - 2013-04-12 14:05 - 0014735 _____ () C:\Program Files (x86)\FileMove_style.css
2016-10-26 12:13 - 2016-10-26 12:13 - 0021784 _____ () C:\Program Files (x86)\FirewallHelper.exe
2014-07-13 12:14 - 2013-12-16 09:54 - 0458752 _____ () C:\Program Files (x86)\freetype6.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0046848 _____ (hardcodet.net) C:\Program Files (x86)\Hardcodet.Wpf.TaskbarNotification.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0050688 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyApp.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0070144 _____ (Bit Stadium GmbH) C:\Program Files (x86)\HockeyAppPCL.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0196608 _____ (ICSharpCode.net) C:\Program Files (x86)\ICSharpCode.SharpZipLib.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0019456 _____ ( ) C:\Program Files (x86)\Interop.NetFwTypeLib.dll
2014-07-13 12:14 - 2012-07-04 19:16 - 0026940 _____ () C:\Program Files (x86)\lgpl-2.1.txt
2014-07-13 12:14 - 2013-12-16 09:54 - 2314240 _____ () C:\Program Files (x86)\libass.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0071168 _____ () C:\Program Files (x86)\libEGL.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0143096 _____ () C:\Program Files (x86)\libexpat-1.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0279059 _____ () C:\Program Files (x86)\libfontconfig-1.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0990208 _____ () C:\Program Files (x86)\libGLESv2.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0134656 _____ () C:\Program Files (x86)\libmad.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0117774 _____ () C:\Program Files (x86)\libmpeg2-0.dll
2014-07-13 12:14 - 2014-02-27 13:41 - 5324800 _____ () C:\Program Files (x86)\libplayercore.dll
2014-07-13 12:14 - 2014-03-12 11:03 - 0006508 _____ () C:\Program Files (x86)\License.txt
2014-07-13 12:14 - 2014-03-12 11:02 - 0006965 _____ () C:\Program Files (x86)\License_Italian.txt
2016-10-26 12:13 - 2016-10-26 12:13 - 0013072 _____ () C:\Program Files (x86)\Logger.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0086528 _____ () C:\Program Files (x86)\mgwz.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0037104 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0047424 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0064919 _____ () C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.Desktop.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0031520 _____ (Microsoft Corporation) C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0019600 _____ () C:\Program Files (x86)\Microsoft.Threading.Tasks.Extensions.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0001870 _____ () C:\Program Files (x86)\Microsoft.VC80.CRT.manifest
2016-10-26 12:12 - 2016-10-26 12:12 - 0479232 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcm80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0554832 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp80.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0875472 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr110.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0632656 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr80.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0489472 _____ (Newtonsoft) C:\Program Files (x86)\Newtonsoft.Json.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0224096 _____ () C:\Program Files (x86)\postproc-52.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0073382 _____ (Open Source Software community project) C:\Program Files (x86)\pthreadGC2.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0029184 _____ (Microsoft) C:\Program Files (x86)\PusherClient.dll
2014-07-13 12:14 - 2014-03-26 19:19 - 0000941 _____ () C:\Program Files (x86)\QT Log.lnk
2014-07-13 12:14 - 2014-01-16 15:50 - 5072896 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Core.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3414016 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Gui.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0783360 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Network.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0276992 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5OpenGL.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3089408 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Qml.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 2532864 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Quick.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0403456 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5QuickParticles.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0172544 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Sql.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0231424 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Svg.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 4810240 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Widgets.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 0187904 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5Xml.dll
2014-07-13 12:14 - 2014-01-16 15:50 - 3267584 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files (x86)\Qt5XmlPatterns.dll
2014-07-13 12:14 - 2014-03-20 15:07 - 0010918 _____ () C:\Program Files (x86)\Readme.txt
2014-07-13 12:14 - 2011-04-20 16:05 - 0074776 _____ (Fengtao Software Inc.) C:\Program Files (x86)\RegDVDFabPasskey.exe
2016-10-26 12:12 - 2016-10-26 12:12 - 0778616 _____ (Microsoft Corporation) C:\Program Files (x86)\ribboncontrolslibrary.dll
2014-07-13 12:14 - 2013-04-12 14:05 - 0004595 _____ () C:\Program Files (x86)\Setting.txt
2014-07-13 12:14 - 2014-03-12 10:50 - 0084722 _____ () C:\Program Files (x86)\style.css
2014-07-13 12:14 - 2013-03-04 09:57 - 0036716 _____ () C:\Program Files (x86)\succ.wav
2014-07-13 12:14 - 2013-12-16 09:54 - 0146203 _____ () C:\Program Files (x86)\swresample-0.dll
2014-07-13 12:14 - 2013-12-16 09:54 - 0432290 _____ () C:\Program Files (x86)\swscale-2.dll
2014-07-13 12:14 - 2011-08-04 17:46 - 0111616 _____ (Fengtao Software Inc.) C:\Program Files (x86)\syssnap.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 1172992 _____ (Robert Simpson, et al.) C:\Program Files (x86)\System.Data.SQLite.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0021168 _____ (Microsoft Corporation) C:\Program Files (x86)\System.IO.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0000134 _____ () C:\Program Files (x86)\System.IO.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0022208 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Runtime.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0002972 _____ () C:\Program Files (x86)\System.Runtime.xml
2016-10-26 12:12 - 2016-10-26 12:12 - 0034528 _____ (Microsoft Corporation) C:\Program Files (x86)\System.Threading.Tasks.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0033808 _____ () C:\Program Files (x86)\System.Threading.Tasks.xml
2014-07-13 12:14 - 2014-03-12 11:43 - 0000243 _____ () C:\Program Files (x86)\uicfg.zip
2014-07-13 12:14 - 2013-03-04 09:57 - 0013522 _____ () C:\Program Files (x86)\uictl_default.xml
2014-07-13 12:14 - 2013-07-04 11:47 - 0735323 _____ () C:\Program Files (x86)\uiframe.rcc
2014-07-13 12:14 - 2014-03-26 19:19 - 0552135 _____ () C:\Program Files (x86)\unins000.dat
2014-07-13 12:14 - 2014-03-26 19:17 - 1290784 _____ () C:\Program Files (x86)\unins000.exe
2014-07-13 12:14 - 2014-03-26 19:19 - 0022701 _____ () C:\Program Files (x86)\unins000.msg
2014-07-13 12:14 - 2014-03-20 18:16 - 0011693 _____ () C:\Program Files (x86)\update.xml
2014-07-13 12:14 - 2013-11-07 11:55 - 3072872 _____ (VSO Software) C:\Program Files (x86)\vso_hwe.dll
2016-10-26 12:12 - 2016-10-26 12:12 - 0088576 _____ (WebSocket4Net) C:\Program Files (x86)\WebSocket4Net.dll
2016-10-26 12:13 - 2016-10-26 12:13 - 0467288 _____ (Microsoft Corp.) C:\Program Files (x86)\WPFToolkit.dll
2014-07-13 12:14 - 2013-03-04 09:57 - 0065536 _____ () C:\Program Files (x86)\zlibwapi.dll
2016-01-12 08:35 - 2016-01-12 08:44 - 0000467 _____ () C:\Users\PjSue\AppData\Roaming\burnaware.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000096 _____ () C:\Users\PjSue\AppData\Roaming\Camdata.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000408 _____ () C:\Users\PjSue\AppData\Roaming\CamLayout.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0000408 _____ () C:\Users\PjSue\AppData\Roaming\CamShapes.ini
2015-02-06 14:40 - 2016-01-05 12:39 - 0004546 _____ () C:\Users\PjSue\AppData\Roaming\CamStudio.cfg
2016-11-04 06:13 - 2016-11-04 06:47 - 0000115 _____ () C:\Users\PjSue\AppData\Roaming\LogFile.txt
2014-06-26 16:11 - 2014-08-03 08:49 - 0000387 _____ () C:\Users\PjSue\AppData\Roaming\sp_data.sys
2015-02-06 14:31 - 2016-01-05 12:39 - 0000096 _____ () C:\Users\PjSue\AppData\Roaming\version2.xml
2014-11-30 13:29 - 2016-07-06 09:08 - 0052736 _____ () C:\Users\PjSue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-13 08:31 - 2016-11-13 08:31 - 0000331 _____ () C:\Users\PjSue\AppData\Local\LMIR0001.tmp_r.bat
2016-02-23 06:36 - 2016-02-23 06:39 - 0007609 _____ () C:\Users\PjSue\AppData\Local\resmon.resmoncfg
2014-06-07 02:54 - 2014-06-07 02:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-06-07 02:53 - 2014-06-07 02:54 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-07 02:53 - 2014-06-07 02:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\PjSue\AppData\Local\Temp\dllnt_dump.dll
C:\Users\PjSue\AppData\Local\Temp\libeay32.dll
C:\Users\PjSue\AppData\Local\Temp\msvcr120.dll
C:\Users\PjSue\AppData\Local\Temp\sqlite3.dll
Didn't get a complete log but I think we can continue.
Run RogueKiller
IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again
close all programs
double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator'
after it has completed it's prescan, click on Scan
make sure the following entries there are checked:
[PUP] (X64) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\IM -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\OCS -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\IM -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\OCS -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-649218570-585308798-3976316672-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUP][Chrome:Addon] Profile 3 : Honey -> Found
then press the Delete button and post the log it produces.
~~~~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
[b]NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShortcutWithArgument: C:\Users\PjSue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AirDroid.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=hkgndiocipalkpejnpafdbdlfdjihomd
U3 idsvc; no ImagePath
C:\Users\PjSue\AppData\Local\Temp\dllnt_dump.dll
C:\Users\PjSue\AppData\Local\Temp\libeay32.dll
C:\Users\PjSue\AppData\Local\Temp\msvcr120.dll
C:\Users\PjSue\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~`
Scan with Zemana AntiMalware Free:
Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
Please download (https://www.zemana.com/AntiMalwareFree) and install Zemana AntiMalware Free (http://www.bleepingcomputer.com/download/zemana-antimalware/)
Double-click software shortcut on the desktop and follow the prompts to install the program .
If an update is available, click the Update now button.
At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
Auto Launch > Untick the box next
Scan type > Smart scan (Default)
Close all open files, folders and browsers
Click scan now ''Run as Administrator'' and a threat Scan will begin.
When the scan is complete, Press report and send me report.
Please PC restart now.
~~~~~~~~~~~~
Please post these logs when finished.
Right all went well noticed in zemana there was a host hijack file that needed repair???? requested files attached... ps.. I am back to daily listing and delisting in the CBL in order to use my email I cant wait for this nightmare to end... Midge
I think this is going to be hit and miss trying to find and remove this infection
https://support.microsoft.com/en-us/kb/972034
follow the above link to clean host files.
~~
let's set browsers back to default
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
~~
Proceed with the reset once done.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
Hi Juliet, sorry I had some minor surgery so been out of action for a couple of days, back now and bit stunned, I went to do the daily delist this morning and I got a different message about the infection, It has always said I had a dyre bot but today I got this......
IP Address 101.184.209.254 is not listed in the CBL.
It was previously listed, but was removed at 2016-12-02 20:55 GMT (5 minutes ago)
At the time of removal, this was the explanation for this listing:
The host at this IP address is infected with the Ebury Rootkit/Backdoor trojan.
Ebury is a SSH rootkit/backdoor trojan for Linux and Unix-style operating systems. It is installed by attackers on root-level compromised hosts by either replacing SSH related binaries (such as ssh or sshd) or a shared library (such as libkeyutils.so) used by SSH.
Ebury infected hosts are used for criminal activities, such as sending out spam emails or hosting exploit kits.
How are these detected? Login credentials harvested by Ebury from SSH connections from/to your system were seen being sent to a dropzone server for the malware.
Further information can be found in CERT-Bund: Ebury SSH Rootkit. We recommend that you follow all of their instructions very carefully.
One of our correspondant's noted that (on CentOS) an infected libkeyutils.so was around 35K bytes in size, where as the correct one is around 1K. So, one quick check is to find the file (under /lib) and examine the size. If it's much over 1-2K, reinstall it (eg: "yum reinstall keyutils-libs" on CentOS) and see if it changes.
This has far more detail. Note that it demonstrates that the rootkit even changes RPM checksums, so a RPM verify will not work.
EVEN IF you cannot find libkeyutils.so, or it is the right size, ebury is probably still present in a substituted ssh, sshd or some other related file.
What do I do from here???? have you had any experience with this problem.... Midge
What do I do from here???? have you had any experience with this problem.... Midge
I have not had any experience with this and I'm afraid that from what I am reading now, we're in trouble.
When we first started I read that most have to reformat from this infection but, I had high hopes we could find it and wipe it out but now, I see now we're at the end of the road of what we can do.
We did remove tid bits here and there but it's not enough and again from what I'm reading....you can't trust this computer now.
https://www.cert-bund.de/ebury-faq
If your system is infected with Ebury, it has been root-level compromised and can no longer be trusted. The attackers have probably changed security-related system settings or installed additional malware. Therefore we highly recommend re-installing the operating system instead of trying to clean it up.
Totally agree Juliet, I am on the phone to my provider but suspect complete wipe is the only answer I will let you know how i get on as a courtesy many thanks mate
Juliet just for your info... the more I read the info about the virus it appeared to me that my provider had the problem not me... I am with Telstra which is by far the biggest internet provider in Australia they have about 80 percent of the market and 100 percent of the wires... They told me they are having a nightmare with 558 error messages and cant figure out why... I mentioned the info I had and it was like the penny dropped... they have their experts checking it out but I think we might have stumbled onto why they and some of their customers are in this insidious position.. I am supposed to ring them back on Monday evening our time... Could be an interesting call... I will let you know...
Oh yes please do
The write up states that it came in from an infected server/host so it could very well be their problem but, I sure do hope they did backups from their end and had them stored offset the servers they use for their customers.
Could be a nightmare they never dreamed of.
Juliet I am waiting to hear back from my provider tonight, however I am getting different reasons for being listed every time I check, this is the last one from this morning does it shed any more light on the drama..
I read it's possible it locates itself in the Master boot record or in the Volume boot record of a computer. This is the worse place imaginable to have an infection if this is indeed where and whats happening.
Trying to find the most recent version of the infection...(If I did) was it locates in your router from your IP?, this is a big guess.
Let's try a couple of things.
Reset your router again...
turn it off, and turn the computer off.
Turn the router back on and turn the computer back on.
~~~~~
Then, I found a couple things that might help then again might not.
http://support.eset.com/kb3471/?viewlocale=en_US
The above link claims to have a tool (ESET Rovnix Cleaner tool) that will remove this infection or an older version,,can't tell exactly
The below link is where an infection of this type was removed(3 years ago) with a tool used called TDSSKiller that I have used in the past but not on Windows 10
https://www.bleepingcomputer.com/forums/t/515309/mse-says-it-removed-win64rovnixgena-but/
If you would like to try this tool we can but, Since I'm not sure how compatible it is with Windows 10, I want you to create a restore point first in case something doesn't go quite right.
https://support.microsoft.com/en-us/instantanswers/e6bbddb0-9db4-4d88-9063-42c52c79a96e/create-a-system-restore-point
~~
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
or from the below link
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Hi Juliet I created the restore point and ran the ESET rovnix detector without success here is the report the other one wouldn't let me copy the report but it also found nothing... it gets stranger by the day
[2016.12.07 17:22:38.013] - Begin
[2016.12.07 17:22:38.013] -
[2016.12.07 17:22:38.013] - ....................................
[2016.12.07 17:22:38.013] - ..::::::::::::::::::....................
[2016.12.07 17:22:38.013] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Rovnix
[2016.12.07 17:22:38.013] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.1.0.2
[2016.12.07 17:22:38.013] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Nov 24 2014
[2016.12.07 17:22:38.013] - .::EE:::::::::::::SS:.EE..........TT......
[2016.12.07 17:22:38.013] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2016.12.07 17:22:38.028] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2016.12.07 17:22:38.028] - ....................................
[2016.12.07 17:22:38.028] -
[2016.12.07 17:22:38.028] - --------------------------------------------------------------------------------
[2016.12.07 17:22:38.028] -
[2016.12.07 17:22:38.028] - INFO: OS: 6.2.9200 SP0
[2016.12.07 17:22:38.028] - INFO: Product Type: Workstation
[2016.12.07 17:22:38.028] - INFO: WoW64: True
[2016.12.07 17:22:38.028] - INFO: Machine guid: 93D0CB18-CF8A-40B5-8495-33309A7E98C7
[2016.12.07 17:22:38.028] -
[2016.12.07 17:22:38.044] - INFO: Scanning for system infection...
[2016.12.07 17:22:38.044] - --------------------------------------------------------------------------------
[2016.12.07 17:22:38.044] -
[2016.12.07 17:22:38.044] - INFO: INF_PASI3 - 0x00000000...
[2016.12.07 17:22:38.044] - INFO: ESET Cleaner Service initialized successfully.
[2016.12.07 17:22:38.044] -
[2016.12.07 17:22:38.044] - --------------------------------------------------------------------------------
[2016.12.07 17:22:38.044] - INFO: Checking active infection...
[2016.12.07 17:22:38.044] -
[2016.12.07 17:22:38.044] - INFO: INF_PASGSH2 - 0x00000000...
[2016.12.07 17:22:38.044] - INFO: INF_PASGSH3 - 0x00000000...
[2016.12.07 17:22:38.044] - --------------------------------------------------------------------------------
[2016.12.07 17:22:38.044] - INFO: Checking inactive infection...
[2016.12.07 17:22:38.044] -
[2016.12.07 17:22:38.060] - INFO: CHECKING DISK NO - 0 | TYPE - 7 | SIZE - 0x575466EF(698GB)
[2016.12.07 17:22:38.075] - INFO: EFI detected...
[2016.12.07 17:22:38.075] - INFO: -> PARTITION NO - 0 | TYPE - 0xEE | BOOTABLE - False | STARTING LBA - 0x00000001 | SIZE - 0xFFFFFFFF (2047GB)
[2016.12.07 17:22:38.075] -
[2016.12.07 17:22:38.107] - INFO: 00000001: passed...
[2016.12.07 17:22:38.107] -
[2016.12.07 17:22:38.107] - INFO: INF_DIDBD02...
[2016.12.07 17:22:38.122] - INFO: CHECKING DISK NO - 1 | TYPE - 7 | SIZE - 0x74706DAF(931GB)
[2016.12.07 17:22:38.497] - INFO: -> PARTITION NO - 0 | TYPE - 0x07 | BOOTABLE - False | STARTING LBA - 0x00000800 | SIZE - 0x74705800 (931GB)
[2016.12.07 17:22:38.497] -
[2016.12.07 17:22:38.513] - INFO: 00000001: passed...
[2016.12.07 17:22:38.513] -
[2016.12.07 17:22:38.513] - INFO: INF_DIDBD02...
[2016.12.07 17:22:38.513] - --------------------------------------------------------------------------------
[2016.12.07 17:22:38.513] - INFO: Win32/Rovnix not found
Please be prepared to reformat.